Online KeePass reader

Nam Nguyen
2013-09-15
2013-11-20
  • Nam Nguyen

    Nam Nguyen - 2013-09-15

    Hello folks,

    I'm glad to introduce to you BrowsePass, a GPL-licensed JavaScript application and library to open KeePass database version 2 (with KDBX extension) in your browser.

    http://www.bitbucket.org/namn/browsepass

    I've written a short how-to install and use it at my personal blog http://techualization.blogspot.com/2013/09/introducing-browsepass-keepass-on-web.html

    BrowsePass is different from the excellent plugin KeePassHttp by pfn in that it does not require KeePass to function. In fact, you do not need anything else other than your (hopefully recent enough) browser. But that also means many security features in KeePass are NOT available in BrowsePass. Be forewarned.

    Cheers,
    Nam

     
    Last edit: Nam Nguyen 2013-09-18
  • Dominik Reichl

    Dominik Reichl - 2013-09-18

    Does this also work locally? I downloaded the master ZIP package, unpacked it and opened the HTML file in the browser (Firefox 24.0), however I'm not able to drag&drop any KDBX file into it (the drop operation simply does nothing).

    Best regards,
    Dominik

     
  • Nam Nguyen

    Nam Nguyen - 2013-09-19

    I just pushed out a fix (7e3f522819e6cf2d4c667e1ac170567a30505c43) for that issue. Please give it another try. The problem was that I used protocol-relative links to retrieve JQuery. The fix is to always use HTTPS. Thank you for trying, Dominik.
    Nam

     
  • Dominik Reichl

    Dominik Reichl - 2013-09-19

    Great, drag&drop for the KDBX file works now, thanks!

    Despite a few problems (passwords are decrypted incorrectly, drag&drop doesn't work for the key file, ...), it looks very promising. I've added it to the list of KeePass ports on http://keepass.info/download.html . If you wish me to link to a different website, just let me know.

    Best regards,
    Dominik

     
    • Nam Nguyen

      Nam Nguyen - 2013-09-19

      Thank you for linking to it, Dominik.

      Do you have a test case that you can share with me? BrowsePass was able to fully decrypt passwords in the default new database (Michael321 etc.).

      Nam

       
  • AlexVallat

    AlexVallat - 2013-09-19

    passwords are decrypted incorrectly

    I'd consider that a somewhat critical issue, to be honest!

    Taking a quick peek at the source, I'd suggest that this is probably due to you not decrypting protected custom strings or binaries. The KDBX format can't be treated purely as a DOM, as the Salsa random byte stream used for decrypting protected data will be out of synch if you don't decrypt every single string in exactly the order it was written.

    I believe that in the current version of KeePass attachments are never protected, but the file format certainly supports it, and if they are, the Salsa stream must be advanced for them too.

    Alex

     
    • Nam Nguyen

      Nam Nguyen - 2013-09-19

      Aha. Got it. Thanks Alex. Can I safely assume that any element with attribute "protected=true" requires decryption?

       
      • AlexVallat

        AlexVallat - 2013-09-19

        The "protected" attribute is currently only written out for <Value> elements, and only ever with the value "True". So, for the current kdbx file format, as long as you iterate over every <Value> element in file order and for each one with a protected="True" attribute read the same number of bytes as in the Base64 decoded value of the element, then the Salsa stream ought to remain in-synch.

        (I read through a lot of the kdbx serialisation source when trying to optimise deserialisation performance on Android, and eventually creating the kdbp alternative format)

         
        Last edit: AlexVallat 2013-09-19
  • Philipp Crocoll

    Philipp Crocoll - 2013-11-08

    Hi Nam,
    thanks for your interesting project! Just wanted to ask: Are you planning further development like write support as well?

    Philipp

     
    • Nam Nguyen

      Nam Nguyen - 2013-11-20

      Hello Philipp,

      I plan to add read features (attachments, for example).

      I'll wait to see if there's enough demand for write support. I bet there won't be. There should preferably be only one authoritative source, aka the KeePass desktop app.

      Nam

       

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks