Integers are stored in little endian format.
11 |
18 | The magic bytes are used as a first check to determine if a file could be
19 | a KDBX file.
20 |
21 |
25 | This field is uint32, where the upper 16 bits represent the major version,
26 | and the lower 16 bits represent the minor version.
27 |
28 |
34 | The header consists of a number of header fields. The order of the fields
35 | is not important. Header fields are read until the end of header field is
36 | encountered. A header field starts with a header with the following
37 | structure:
38 |
39 | followed by the field data.
44 |
53 | -
54 | id 0
55 |
size 4
56 | data 0x0d, 0x0a, 0x0d, 0x0a
57 |
58 |
59 |
60 |
61 | -
62 | comment
63 |
64 |
id 1
65 |
66 | The comment field seems to be ignored in KeePass.
67 |
68 |
69 |
70 |
71 | -
72 | cipher id
73 |
74 |
id 2
75 |
76 |
77 | The cipher id is 16 bytes. For AES-CBC with PKCS7 padding, which is
78 | the default cipher, the id is
79 |
80 |
81 | 0x31,0xc1,0xf2,0xe6,0xbf,0x71,0x43,0x50,0xbe,0x58,0x05,0x21,0x6a,0xfc,0x5a,0xff
82 |
83 |
84 |
85 |
86 |
87 | -
88 | compression
89 |
90 |
id 3
91 | size 4
92 | data 0x00,0x00,0x00,0x00 (no compression)
93 |
94 |
95 |
96 |
97 | -
98 | master seed
99 |
100 |
id 4
101 | size 32
102 |
103 |
104 | The master seed is a 32 byte salt value for the key transformation.
105 |
106 |
107 |
108 |
109 |
110 | -
111 | transform seed
112 |
113 |
id 5
114 |
115 | size KeePass writes 32 bytes of transform seed, but accepts a seed of
116 | any length when reading a file.
117 |
118 |
119 |
120 | The transform seed is another salt value for the key transformation.
121 |
122 |
123 |
124 |
125 |
126 | -
127 | number of transform rounds
128 |
129 |
id 6
130 | size 8
131 |
132 | The number of key transformation rounds, expressed as an uint64.
133 |
134 |
135 |
136 |
137 | -
138 | iv
139 |
140 |
id 7
141 |
142 | size KeePass always writes 16 bytes of IV, but the length is not
143 | checked when reading the file.
144 |
145 |
146 | Having the wrong IV length would cause an exception in the encryption
147 | engine, though.
148 |
149 |
150 | The IV of the cipher.
151 |
152 |
153 |
154 |
155 | -
156 | protected stream key
157 |
158 |
id 8
159 |
160 | size KeePass always writes 32 bytes, but length is not checked when
161 | reading the file.
162 |
163 |
164 |
165 | the protected stream key seems to be a way to obfuscate some fields of
166 | the decrypted file.
167 |
168 |
169 |
170 |
171 |
172 | -
173 | stream start bytes
174 |
175 |
id 9
176 | size 32
177 |
178 |
179 | the initial 32 bytes of the decrypted stream, used to verify that the
180 | decryption key is
181 |
182 | probably correct before decrypting the entire stream
183 |
184 |
185 |
186 |
187 | -
188 | inner random stream id
189 |
190 |
id 10
191 | size 4
192 |
193 |
194 | an uint32 giving the algorithm used to produce the random stream used
195 | with the protected stream key for obfuscation
196 |
197 |
198 |
199 |
200 |
201 |
202 |
203 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Awesome KeePass Projects [](https://github.com/sindresorhus/awesome)
2 |
3 | A curated list of [KeePass](https://keepass.info/)-related projects.
4 |
5 | > ⭐️ Thanks **everyone** who has starred the project, it means a lot!
6 |
7 | KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put
8 | all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one
9 | single master password or select the key file to unlock the whole database. The databases are encrypted using the best
10 | and most secure encryption algorithms currently known (AES and Twofish).
11 |
12 | ## Content
13 |
14 | * [Clients](#clients)
15 | * [Cross-platform clients](#cross-platform)
16 | * [Windows clients](#windows-clients)
17 | * [MacOS clients](#macos-clients)
18 | * [Web clients](#web-clients)
19 | * [iOS clients](#ios-clients)
20 | * [Android clients](#android-clients)
21 | * [Extensions clients](#extensions-clients)
22 | * [Other clients](#other-clients)
23 | * [API libraries](#api-libraries)
24 | * [Plugins](#plugins)
25 | * [Tools](#tools)
26 | * [Security](#security)
27 | * [Docs and articles](#docs-and-articles)
28 | * [Docs and articles](#docs-and-articles-ru)
29 |
30 | ## Clients
31 |
32 | ### Cross-platform
33 |
34 | * [KeePass](https://sourceforge.net/projects/keepass/) - Official client.
35 | * [mirror of KeePass2.x source code](https://github.com/dlech/KeePass2.x)
36 | * [KeePassXC](https://keepassxc.org/) - KeePass Cross-Platform Community Edition.
37 | * [Source code](https://github.com/keepassxreboot/keepassxc) - `C++` KeePassXC is a cross-platform community-driven
38 | port of the Windows application “Keepass Password Safe”
39 | * [keepassx](https://github.com/keepassx/keepassx): KeePassX is an application for people with extremely high demands on secure personal data management. It has a light interface, is cross platform and published under the terms of the GNU General Public License.
40 | * [KeeWeb](https://keeweb.info/) - Free cross-platform password manager compatible with KeePass.
41 | * [Source Code](https://github.com/keeweb/keeweb)
42 | * [AuthPass](https://github.com/authpass/authpass) - `Dart` Password Manager based on Flutter for all platforms. Keepass
43 | 2.x (kdbx 3.x) compatible
44 | * [KeePass-electron](https://github.com/IlyaPomaskin/KeePass-electron) - Desktop HTML5 client for KeePass 2.
45 | * [OneKeePass](https://github.com/OneKeePass/desktop) - A secure password manager for macOS,Linux and Windows platforms
46 |
47 | ### Windows clients
48 |
49 | * [Keepass Official Desktop Client](https://keepass.info/download.html)
50 | * [ModernKeePass](https://github.com/wismna/ModernKeePass) - `C#` KDBX password manager for the Windows Store
51 | * [KeePass4D](https://github.com/evpobr/KeePass4D) - `delphi` KeePass4D is password manager written in Delphi with Kdbx
52 | format support.
53 |
54 | ### MacOS clients
55 |
56 | * [MacPass](https://macpassapp.org/) - Native OS X KeePass client.
57 | * [Source code](https://github.com/MacPass/MacPass/)
58 | * *closed source* [Strongbox](https://strongboxsafe.com/) - Commercial Password Manager for iOS & OSX. Free tier available.
59 | * *closed source* [Kypass Companion](http://www.kyuran.be/software/kypass4mac/) - A native KeePass compatible client for
60 | macOS (database format 1 and 2).
61 |
62 | ### Web clients
63 |
64 | * [keeweb](https://github.com/keeweb/keeweb) - Free cross-platform password manager compatible with KeePass.
65 | * [keepass4web](https://github.com/lixmal/keepass4web/) - `perl+js` Application that serves KeePass database entries on
66 | a web frontend (DEPRECATED)
67 | * [keepass4web-rs](https://github.com/lixmal/keepass4web-rs) - rewrite of keepass4web in `rust`
68 | * [BrowsePass](https://bitbucket.org/namn/browsepass/overview) - Web application to read KDBX files.
69 | * [keepass-node](https://github.com/gesellix/keepass-node) - KeePass2 editor for Node.js with a browser frontend.
70 | * [Kee Vault](https://github.com/kee-org/keevault) - `js` Kee Vault is a password manager for your web browser. Password
71 | databases (Vaults) are encrypted using the KeePass storage format before being sent to a remote server for
72 | synchronisation across any modern device/browser
73 |
74 | ### iOS clients
75 |
76 | * *closed source* [Strongbox](https://strongboxsafe.com/) - Commercial Password Manager for iOS and OSX. Free tier
77 | available.
78 | * [KeePassium](https://keepassium.com/) - Commercial Open-Source Password Manager for iOS. Free tier available.
79 | * [Source code](https://github.com/keepassium/KeePassium) - `swift` KeePass-compatible password manager for iOS
80 | * `closed source` [Kypass 4](http://www.kyuran.be/software/kypass/) - KyPass is a Password Management for iPhone and
81 | iPad.
82 | * [KeePass Touch](https://apps.apple.com/ru/app/keepass-touch/id966759076)
83 | * `discontinued` [MiniKeePass](https://github.com/MiniKeePass/MiniKeePass)
84 |
85 | ### Android clients
86 |
87 | * [Keepass2Android](https://play.google.com/store/apps/details?id=keepass2android.keepass2android) - Password manager
88 | app for Android.
89 | * [Source code](https://github.com/PhilippC/keepass2android)
90 | * [KeePassDroid](https://play.google.com/store/apps/details?id=com.android.keepass) - KeePass implementation for
91 | android.
92 | * [Source code](https://github.com/bpellin/keepassdroid)
93 | * [KeepassDX](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free) - Beta password manager for
94 | Android.
95 | * [Source code](https://github.com/Kunzisoft/KeePassDX)
96 | * [TinyKeePass](https://github.com/sorz/TinyKeePass) - `Java/Kotlin` Another simple read-only KeePass Android app
97 | * [KeePassVault](https://play.google.com/store/apps/details?id=com.ivanovsky.passnotes) - KeePass password manager for Android
98 | * [Source code](https://github.com/aivanovski/keepassvault)
99 |
100 | ### Extensions clients
101 |
102 | * [KeePass Secret Management Extension for PowerShell](https://github.com/JustinGrote/SecretManagement.KeePass) - An
103 | extension vault that uses KeePass for the PowerShell Secret Management module. Store credentials, passwords, API keys,
104 | etc. for use in PowerShell scripts
105 |
106 | ### Other clients
107 |
108 | * [kpcli](http://kpcli.sourceforge.net/) - A command line interface (interactive shell) to work with KeePass 1.x or 2.x database files
109 | * [WinPass](https://github.com/gkardava/WinPass) - KeePass password manager client for Windows Mobile
110 | * [KeePassTouch](https://github.com/DannyGB/KeePassTouch) - `QML&C++` Ubuntu Touch Version of KeePass
111 | * [passhole](https://github.com/Evidlo/passhole) - `python` passhole is a commandline password manager for KeePass
112 | inspired by [pass](https://www.passwordstore.org/)
113 | * [kdbxviewer](https://luelista.net/kdbxviewer/) - Command-line tool written in C for KeePass2 Database files (
114 | kdbx).
115 | * [Source code](https://github.com/luelista/kdbxviewer)
116 | * [keepass-chrome](https://github.com/btd/keepass-chrome) - Small proof of concept extension that loads keepass .kdbx
117 | files and allow to get and add passwords.
118 | * [keepass-diff](https://github.com/Narigo/keepass-diff) - Command-line tool written in Rust to show differences between
119 | two KeePass Database files.
120 | * [kp-diff](https://github.com/aivanovski/kp-diff) - Command-line tool written in Kotlin to show differences between KeePass Database files.
121 | * [keepass-print](https://github.com/mojoaxel/keepass-print) - Command-line tool written in JavaScript to print password list for long-term backup.
122 | * [passifox](https://github.com/pfn/passifox) - Extensions to allow Chrome and Firefox (4.0+) to auto form-fill
123 | passwords from KeePass (requires KeePassHttp).
124 | * [Tusk](https://github.com/subdavis/Tusk) - `archived` - `js` KeePass-compatible browser extension for filling
125 | passwords.
126 |
127 | #### KeePassXC-based
128 |
129 | * [ulauncher-keepassxc](https://github.com/pbkhrv/ulauncher-keepassxc) - Ulauncher extension to quickly search a KeePassXC password manager database
130 | * [git-credential-keepassxc](https://github.com/Frederick888/git-credential-keepassxc) - `rust` Helper that allows Git (
131 | and shell scripts) to use KeePassXC as credential store
132 | * [keepassxc-browser](https://github.com/keepassxreboot/keepassxc-browser) - Extension
133 | for [Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk)
134 | and [Firefox](https://addons.mozilla.org/es/firefox/addon/keepassxc-browser/) to allow auto form-fill passwords from
135 | KeepassXC.
136 |
137 | ## API libraries
138 |
139 | * [libkeepass](https://github.com/libkeepass/libkeepass) - `python` Low-level Python (2.7/3.x) module to read KeePass
140 | 1.x/KeePassX (v3) and KeePass 2.x (v4) files. *deprecated - use pykeepass*
141 | * [pykeepass](https://github.com/libkeepass/pykeepass) - `python` Python library to interact with keepass databases (
142 | supports KDBX3 and KDBX4)
143 | * [kdbxweb](https://github.com/keeweb/kdbxweb) - `typescript` dbxWeb is a high-performance javascript library for
144 | reading/writing KeePass v2 databases (kdbx) in node.js or browser
145 | * [keepass-rs](https://github.com/sseemayer/keepass-rs) - `Rust` Rust library for reading KeePass database files (kdbx).
146 | * [keepass.io](https://github.com/snapserv/keepass.io) - `javascript` Node.js library for reading and writing KeePass
147 | databases.
148 | * [KeePassKit](https://github.com/MacPass/KeePassKit) - `Objective-C` KeePass database loading, storing and manipulation
149 | framework.
150 | * [KeePassJava2](https://github.com/jorabin/KeePassJava2) - `Java` Java API for KeePass Password Databases - Read/Write
151 | compatible with Keepass versions 2.x (kdbx versions 3 and 4), Read 1.x
152 | * [openkeepass](https://github.com/cternes/openkeepass) - `Java` A java library for reading and writing KeePass
153 | databases. It is an intuitive java library that supports KeePass 2.x database files.
154 | * [kotpass](https://github.com/Anvell/kotpass) - `Kotlin` Provides reading/writing support for KDBX files (versions 3.x/4.x).
155 |
156 | ## Plugins
157 |
158 | * [KeeAnywhere](https://github.com/Kyrodan/KeeAnywhere) - KeePass plugin that provides access to cloud storage providers (cloud drives).
159 | * [keepasshttp](https://github.com/pfn/keepasshttp) - KeePass plugin to expose password entries securely (256bit
160 | AES/CBC) over HTTP.
161 | * [Keebuntu](https://github.com/dlech/Keebuntu) - KeePass 2.x plugins that provide Linux Desktop integration.
162 | * [KeeAgent](https://github.com/dlech/KeeAgent) - Plugin for KeePass 2.x. It allows other programs to access SSH keys
163 | stored in your KeePass database for authentication.
164 | * [AdvancedConnectPlugin](https://github.com/aalbng/AdvancedConnectPlugin) - Plugin for KeePass which gives you the
165 | possibility to provide different applications for direct connections.
166 | * [SIC2KeePass](https://github.com/Alezy80/SIC2KeePass) - This plugin allows to transfer SafeInCloud databases directly
167 | or via exported XML file into KeePass 2.xx password manager.
168 | * [QuickConnectPlugin](https://github.com/cristianst85/QuickConnectPlugin) - Plugin that allows you to connect to
169 | Windows/Linux/ESXi hosts.
170 | * [HIBP Offline Check](https://github.com/mihaifm/HIBPOfflineCheck) - a KeePass plugin for Have I been pwned, can
171 | perform both offline and online checks against the password breach list for any selected password entry
172 | * [KPSimpleBackup](https://github.com/marvinweber/KPSimpleBackup) - This simple plugin lets you backup your .KDBX file
173 | with many advanced options
174 | * [KeePassWinHello](https://github.com/sirAndros/KeePassWinHello) - `C#` Quick unlock KeePass 2 database using
175 | biometrics with Windows Hello
176 | * [FluentPassFinder](https://github.com/yusei36/FluentPassFinder) - `C#` KeePass Plugin with a fluent design search window to quickly find entries and autotype or copy passwords or other fields. Shortcut can be used to open the small search window from everywhere.
177 | * [KeePassQuery](https://github.com/Mikescher/KeePassQuery) - `C#` Query your KeePass with SQL expressions
178 |
179 | ## Tools
180 |
181 | * [pass import](https://github.com/roddhjav/pass-import) - `python` A pass extension for importing data from most of the
182 | existing password manager.
183 | * [KeePass2 to KeePassX Convertor](https://github.com/dvorka/keepass2-to-keepassx) - `java` KeePass2 to KeePassX
184 | password database convertor.
185 | * [enpass-to-keepass](https://github.com/jsphpl/enpass-to-keepass) - `python` Convert an Enpass csv export so it can be
186 | imported to a KeePass database using KeePassXC
187 |
188 | ## Security
189 |
190 | * [mod0keecrack](https://github.com/devio/mod0keecrack) - KeePass 2 database master-password cracker.
191 | * [KeeFarce](https://github.com/denandz/KeeFarce) - Extracts passwords from a KeePass 2.x database, directly from
192 | memory.
193 | * [KeePassHax](https://github.com/HoLLy-HaCKeR/KeePassHax) - Extracts master password from a KeePass 2.x database,
194 | directly from memory. Inspired by KeeFarce.
195 |
196 | ## Docs and articles
197 |
198 | * [KeePass Help Center](https://keepass.info/help/base/index.html) - Official docs and tutorials.
199 | * [KDBX 4](https://keepass.info/help/kb/kdbx_4.html) - Info about KDBX 4 file format.
200 | * [Reverse Engineered KeePass (KDBX 3) File Format](https://max-weller.github.io/kdbx-viewer/kdbx_format.html) ([local copy of article](./doc/))
201 | * [Reading a Keepass 2 file with Go](https://www.sysorchestra.com/2015/06/20/reading-a-keepass-file-from-go/)
202 | * [Keepass file format explained](https://gist.github.com/lgg/e6ccc6e212d18dd2ecd8a8c116fb1e45)
203 | * [KeePass v2.x (KDBX v3.x) file format](https://gist.github.com/msmuenchen/9318327)
204 | * [KeePassXC](https://github.com/keepassxreboot/keepassxc-specs) - a schema and a document.
205 | * [KeePassJava2](https://github.com/jorabin/KeePassJava2#keepassjava2-and-keepass) - a schema and a diagram.
206 | * [KDBX V4 format](https://palant.info/2023/03/29/documenting-keepass-kdbx4-file-format/).
207 |
208 | ## License
209 |
210 | * MIT, [lgg](https://github.com/lgg) and [contributors](https://github.com/lgg/awesome-keepass/graphs/contributors)
211 |
--------------------------------------------------------------------------------