Hi
I got a useless error message that did not point me in the right direction
and later found out that I just had to check the Master Password checkbox
but the error message did not tell me that. Instead it told something cryptic:
Database.kdbx
Failed to load the specified file!
The composite key is invalid!
Make sure the composite key is correct and try again.
Maybe radio buttons would be more useful if you have to check something
and an error message like:
Try clicking one of the three boxes next to the options like Master Password or the others.
Best, Jan
KeePass has no way to know what combination you have used to create the master key. It is up to you to remember this information.
As an aid KeePass has an Emergency Sheet (File > Print) that you can print and keep, but it only works once you have opened the database.
cheers, Paul
Paul, I think this is not about forgotten master password, but rather about usability.
Here's a more formal description:
— Start opening any database
— In the "Open database" dialog, uncheck all the checkboxes
— Press "OK"
Observed result:
— An error message "Composite key is invalid", which is technically correct, but does not direct the user to the obvious solution.
Expected result:
— A more useful message: "Master key is empty. Please provide at least a password or a key file." (For example, see KeePassium screenshot)
Implementation-wise, this check is straightforward to add directly at the KeyPromptForm level.
Edit: formatting.
Last edit: Andrei 2019-07-17
An empty master key is a valid key, as is just a password, only a key file, WUA or a combination of these. KeePass cannot know what combination you have used.
cheers, Paul
Yes, KeePass cannot know what configuration was used to encrypt the DB.
Yes, an empty master key is technically a valid key. However, in any realistic scenario it is a 100% human error. KeePass can certainly detect when the user tries to open the DB without providing any key components. But I regress...
I think it would be a user-friendly setting if KeePass2 would default to checking the first box (Master Password).
That would cause problems if you used only a key file or the WUA.
cheers, Paul
Hinting about possible reasons for the "composite key is invalid" error isn't useful because there are more than a few possible reasons for the error. The dialog would become excessively long and unreadable.
To avoid confusion over the master key composition, check the Remember key sources (key file paths, provider names, ...) option in Tools>Options>Advanced(tab)>Advanced(section). My recollection is that the default state is checked. If the option is checked, KeePass will check the master password box when a master password is part of the database, even for a blank password.
The setting is optional because a user may object to storing the master key metadata, even though the metadata are not the actual secrets protecting the database. When checked the data is stored locally in the config file. It makes more sense to store this data in the config file because a key file path is more likely to be valid for a local configuration. No matter where the data is stored, it must be in the clear to be useful when the "Enter Master Key" dialog is displayed.
In short, you don't need the hint if you have checked the above option. If you uncheck the option, you are assuming responsibility for knowing the database master key composition.
Finally, it should be your business to know your master key composition whether or not KeePass remembers it. As it has been previously pointed out, an Emergency Sheet can help you with this.
Last edit: wellread1 2019-07-17
This is strange, because I didn't think it was possible to enter text into the Master Password field without the checkbox automatically checking itself in response. Experimentation shows that it is possible to uncheck the box after entering a password (this should probably clear the text box, but it doesn't), but under normal circumstances you'd have to take unusual action to have the box unchecked and the field non-empty.
A blank password is a password. It requires the master password checkbox be checked. The no password case is different. The master password checkbox is not checked.
The documentation includes a concise description of the processing of the individual composite key components. SHA-256 is used for compressing the components of the composite master key (consisting of a password, a key file, a Windows user account key and/or a key provided by a plugin) to a 256-bit key K.
When the master password box is unchecked, the contents of the master password field are most likely ignored and not processed at all. I suspect this behavior is responsible for the undocumented feature where a master password can function as a key file when a key file is not otherwise defined.
Last edit: wellread1 2019-07-18
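
An added example, not part of the thread and not KeePass's own code: a Python sketch of the SHA-256 component compression quoted above, showing why a blank password and no password give different keys K, together with a hypothetical dialog-level check of the kind proposed earlier in the thread. The function names, the treatment of the key file as raw bytes reduced with SHA-256, the "field ignored when unchecked" model, and the omission of the Windows user account and plugin components are assumptions.

```python
import hashlib
from typing import Optional

# Message text proposed in the thread for the empty-key case.
EMPTY_KEY_HINT = ("Master key is empty. "
                  "Please provide at least a password or a key file.")


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def composite_key(password: Optional[str] = None,
                  key_file: Optional[bytes] = None) -> bytes:
    """Compress the selected components to the 256-bit key K.

    None means the component's checkbox is unchecked (component absent).
    "" is a blank password: still a component, so it is hashed and included.
    """
    parts = []
    if password is not None:
        parts.append(sha256(password.encode("utf-8")))
    if key_file is not None:
        # Assumption: the key file is arbitrary bytes, reduced with SHA-256.
        parts.append(sha256(key_file))
    return sha256(b"".join(parts))


def key_from_dialog(pw_checked: bool, pw_text: str,
                    kf_checked: bool, kf_bytes: Optional[bytes]) -> bytes:
    """Model of the dialog: an unchecked box means its field is ignored."""
    return composite_key(pw_text if pw_checked else None,
                         kf_bytes if kf_checked else None)


def precheck(pw_checked: bool, kf_checked: bool) -> Optional[str]:
    """Hypothetical dialog-level check: hint only when nothing is selected."""
    return None if (pw_checked or kf_checked) else EMPTY_KEY_HINT


if __name__ == "__main__":
    # Constructed sample: database protected by the password "hunter2" only.
    stored = composite_key("hunter2")
    print("box checked   :", key_from_dialog(True, "hunter2", False, None) == stored)
    print("box unchecked :", key_from_dialog(False, "hunter2", False, None) == stored)
    print("blank == none :", composite_key("") == composite_key())
    print("hint          :", precheck(False, False))
```

With the box unchecked, the typed password never reaches the hash, so the derived key is the empty-component key and decryption fails with the generic "composite key is invalid" error, which is the situation the original post describes.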