An implementation of GOST R 34.12-2015 cipher for KeePass
Clone or download
Latest commit 8ecc8ca Nov 5, 2015
Failed to load latest commit information.
GostPlugin Release 2.1 Oct 2, 2015
GostPluginSpeedTests Remove unsafe code Sep 30, 2015
GostPluginTests Release 2.1 Oct 2, 2015
.gitattributes Initial Commit Apr 24, 2015
.gitignore Initial Commit Apr 24, 2015
GostPlugin.sln Update for 2.0.0 pre-release Sep 17, 2015
LICENSE Initial commit Apr 24, 2015 Update Nov 5, 2015


Enables KeePass 2.x to encrypt databases using the GOST R 34.12-2015 algorithm.

GitHub license GitHub release Github Releases

Join the chat at

Latest 2.0 release is incompatible with older 1.x versions and then should be used with caution


  • Implementation of two ciphers defined within GOST R 34.12-2015: Kuznyechik and Magma (formely GOST 28147-89)
  • Both ciphers use 256-bit key; Kuznyechik handles 128-bit blocks and Magma – 64-bit blocks
  • This implementation uses Cipher Feedback (CFB) mode


  1. Download latest release
  2. Make sure that calculated checksum for matches specified on release page
  3. Unzip and verify digital signature of GostPlugin.dll assembly
  4. Simply copy GostPlugin.dll to your KeePass directory and restart the application

If you're migrating from 1.x version, then change database encryption algorithm to AES before replacing plugin DLL.


  1. Make sure that GOST R 34.12-2015 Plugin is listed in Tools → Plugins... dialog
  2. Switch encryption algorithm in your database's options dialog as described in Database Settings section of KeePass documentation


  • Reddit community and PolyPill for their commitment to quality of the code by conducting code review
  • Habrahabr community, sftp, milabs for their feedback and valuable support in performance optimization techniques
  • Michael Ospanov for reporting and resolving Addition Modulo 2^32 bug and performance improvement suggestions
  • Markku-Juhani O. Saarinen for Kuznyechik implementation