Josh - 2006-04-10


I am about to start work on a javascript implementation of a KeePass-like program.  The idea is that by implementing the encryption/decryption entirely on the client side you can have secure, remote accessible passwords.  I use and LOVE KeePass on the desktop but would like to be able to access my passwords even if I'm on a machine that I can't use KeePass on.  Thus, my goal is to make this application create files that are binary-compatible with KeePass.

I know that I can try to dissect the sources (I already started doing that), but I was wondering if there is any kind of documentation on the file format available, beyond the reference implementation.

If there is no documentation, could someone offer brief insight into the file format in general, to make reading the source code a little bit less daunting?

What I've gathered so far is that a brief header, whose format is defined by a struct, contains information to decrypt the subsequent bytes...

If explaining the binary file format would be too arduous, second prize would be a schema/doc for the XML Export data.

Like I said above, I would prefer using the binary format for compatibility.

Since the XML file format contains all of the data that KeePass keeps track of, is there any chance that - in the future - KeePass might just use an encrypted XML file as its storage backing?

In my opinion, first prize for a file format would be this a tar archive containing two files:
  - metadata.xml - the metadata formatted as XML
  - data.xml.enc - the encrypted XML database

I think that it would be an extremely functional, easy to use/understand format.

Thanks for all of your fantastic efforts!

Josh Danziger