KeePass for BlackBerry

File Release Notes and Changelog

Release Name: Beta 4

Notes:
KeePass for BlackBerry Readme

Introduction:

KeePass  for BlackBerry is a companion to the popular KeePass Password Safe 
v1. It was inspired by KeePass for J2ME and shares some of the KeePass-
specific database functions.  The user interface and synchronization 
however were written from scratch to take advantage of BlackBerry-unique 
features.

--------------------------------------------------------------------------
Links:

KeePass for BlackBerry: http://keepassbb.sourceforge.net 
OTA Download: http://keepassbb.sourceforge.net/ota/keepassbb.jad

KeePass Password Safe: http://keepass.info/
KeePass for J2ME: http://keepassserver.info/

--------------------------------------------------------------------------
Features:

* Database, group and entry creation, deletion and modification.

* BlackBerry-specific user interface for easy/familiar navigation.

* Find-As-You-Type entry search

* 2-Way Desktop Manager Synchronization Add-In.

* Fully enabled for trackball operation as well as trackwheel.

* Cut and paste is available for entry details.

* "ActiveText" creates links from URLs, email address, etc.

--------------------------------------------------------------------------
Installation:

Your device MUST be running BlackBerry OS 4.2.1 or greater.  At the 
present time, 4.2.0 is NOT suported.  There are some basic capabilities 
(like PasswordEditField) that didn't show up until 4.2.1.

For OTA installation, visit the OTA download link above.

For desktop installation, download the .msi file and run it from the 
command line or directly from Windows Explorer.  It will install the 
Desktop Manager Synchronization Add-In and extract the cod and alx files 
you'll need to install on the device. Use the Desktop Manager Application 
Loader to get the software into your device.

When the installation is completed, open the Desktop Manager 
Synchronization tool and go to the Configuration tab.  Press the Configure 
Add-Ins button and you should see the Add-In listed.  Check the box and 
press the "Configure" button to set the location of your KeePass database 
file.  

--------------------------------------------------------------------------
Getting Started:

There are 4 ways to get your database onto the device.

1.  Use the Desktop Manager Add-In (preferred).

2.  Via  HTTP/HTTPS. If you have access to a web server you can upload 
your database from your desktop, then download it to your device 
from inside KeePassBB.

3.  Via a removable storage card. Copy the database into the card then 
move the card to the device or connect your device to your desktop and 
copy the database directly. Don't forget to unplug the device again or it 
won't be able to see the contents of the card.

4.  Using the  Roxio Media Manager that's installed with the latest 
BlackBerry Desktop Manager, you can copy the  database to your device even 
if it doesn't have a removable storage card. There's one "gotcha" though. 
The Media Manager won't move files unless they have a suffix of a well 
known media format.  You'll have to rename your database to something like 
"Database.mp3".

Once on the device you have read/edit access to all groups and entries. By 
default, once the  internal database is loaded it's used until 
synchronization runs or until you manually refresh it from the external 
source.  You can however, configure KeePassBB to automatically load from 
an external source every time it starts.

--------------------------------------------------------------------------
Desktop Synchronization:

WARNING:  Do not attempt to use this Beta release without backing up your 
desktop KeePass database. Although the 2-way sync feature does NOT delete 
records, there's still the outside possibility of file corruption.

Since the device is actually a more secure platform than the desktop, the 
reconciliation of groups and entries takes place on the device. When the 
synchronization process starts, the desktop add-in attempts to first push 
the still encrypted desktop KeePass database file to the device.  If it 
can't open the database, synchronization fails. The device database is 
never pushed to the desktop.  This is to reduce the possibility of someone 
extracting the database from your device.

When the device receives the desktop file, it first checks to see if it has 
a file of its own in its persistent store.  If not, the desktop file is 
simply added to the persistent store and synchronization ends.  If there is 
a file in the persistent store, both files are decrypted and reconciled.
The result is stored on the device and pushed back to the desktop.

Because decryption of both files is performed on the device, the password 
for the device database MUST be the same as the password for the desktop 
database and you must have successfully opened the  database on the device 
at least once since powering it on.  KeePassBB then saves a hashed copy 
(never plaintext) of the password in protected storage to use for 
subsequent syncronizations. If you have the "Content Protection" feature 
enabled for the device, the hash is encrypted but either way, it's 
protected by a signing key such that only KeePassBB can get it back out 
again.  The RuntimeStore also doesn't survive a power cycle. So even if 
someone managed to get your device, and wanted to attach directly to the 
memory chips, they won't be able to get it.

If you device is set to use "Content Encryption", the device must be 
unlocked to complete a sync.  If it's locked, the sync process won't 
have access to the cached password hash.

Entries and groups added to either the device or desktop are pushed 
to the other.

Entries whose last modified times are different (with a 5 second buffer) 
are synchronized such that the entry with the latest last modified time 
wins.

If only the Last Access time is different, the entry on both the device 
and desktop is modified with the latest time.

TIMEZONE WARNING:  The KeePass database format stores dates and times
in "local" time.  If the timezones on the device and desktop don't agree,
the one having the later time will always win.

Groups or entries deleted from one platform are NOT deleted from the 
other. The complexities involved and the risks of an improper deletion are 
too great. If you need to delete, do it on both platforms.

Check the device's log (<ALT>LGLG) to see a syncronization report.

--------------------------------------------------------------------------
Performance:

AES encryption on the device is actually pretty speedy.  For most files, 
the bulk of the encryption and decryption time is actually spent converting 
your password to an encryption key.  KeePass uses a scheme where it hashes 
the password then cyclicly encrypts it before actually using to to process 
data.  The number of cycles defaults to 6000. This is hardly noticeable on 
the desktop but can take a few seconds on the device. When you see the 
progress bar in KeePassBB your're actually seeing the progresss of the 
cyclic key encryption.  The pause at 95% is the actual decryption of the 
data.

Keep this in mind when you perform desktop synchronization because 2 files 
have to go through this process.

Performance also has implications when saving changes to the database.
By default, changes you make to groups and entries cause the entire database
to be saved when you exit the group or entry details screen.  If you have
a large number of entries, this can take more than a few seconds.  If you
feel the delay is too long, you can set an option to save the database
when you exit the application instead.  The down side to this is that if
something happens to your device before you exit the app, your changes
will be lost.

--------------------------------------------------------------------------
Notable Configurable options:

Auto import from external file: If you use the Media Manager to keep the 
file on the device in synch with the file on the desktop, this option will 
allow you to automatically reload the file each time you start KeePassBB.

Inactivity Timeout: You can set a timeout that automatically closes 
KeePassBB after the time expires.

Reopen without password: You can tell KeePassBB to stay in the background 
when you press Escape from the main menu, instead of closing. This will 
allow you  to get back in without using the password. The timeout set above 
still applies though so you can't accidentally leave KeePassBB active 
forever.

Close when holstered: Regardless of the timeout and reopen settings, 
KeePassBB will close itself when you holster the device.

"Single Click" options: You can set KeePassBB to automatically open a 
password entry when you single click on it.  Separately, you can set 
KeePassBB to automatically expand or collapse groups when you single click 
on them.  For devices without a separate menu button, you'll only be able 
to set 1 or the other. If you set both, you'd never be able to get to the 
main menu.

Auto Expand: When set, automatically expands all groups in the tree for 
quick navigation.

--------------------------------------------------------------------------
Limitations:

This release does not support moving entries or groups.





Changes:
KeePass for BlackBerry Change Log

--- KeePassBB Beta 4 - Build 0.4.263 - Released October 3 2007

* Fixed [ 1806701 ] Backups fail on KeePassBBDatabaseObject

--- KeePassBB Beta 4 - Build 0.4.245 - Released September 30 2007

* Added "paste" as an option in the database password dialog
* Fixed [ 1805231 ] Group delete causes an NPE
* Fixed [ 1802941 ] Desktop Add-In config isn't saving the database path
* Fixed [ 1805419 ] Bad password was giving an ugly error message


--- KeePassBB Beta 4 - Build 0.4.238 - Released September 28 2007

* Added Search feature (similar to address book)
* Cleaned up Statistics screen.
* Cleaned up "save" functions.  See the Performance topic in the Readme.
* Fixed [ 1804571 ] Sync isn't handling out of order groups correctly
* Fixed [ 1804401 ] Device is being updated even if sync fails
* Fixed [ 1803663 ] Icon chooser only works with enter key
* Fixed [ 1802943 ] NPE on app exit
* Fixed [ 1802939 ] Occasional ArrayIndex error with icon chooser

--- KeePassBB Beta 4 - Build 0.4.213 - Released September 23 2007

* Fixed 1800699 IllegalArgumentException when creating new database.
* Fixed 1800823 Adding new top-level group fails.

--- KeePassBB Beta 4 - Build 0.4.205 - Released September 22 2007

WARNING:  Do not attempt to use this release without backing up your 
desktop KeePass database. Although the 2-way sync feature does NOT 
delete records, there's still the outside possibility of file corruption.

* Added database/group/entry create, edit and delete functions.
* Added 2-way record level add/change synchronization with desktop.
* Added Change Database Password function.
* Added icon chooser for entries and groups.