I would like to have the ability to add passwords that remain completely hidden from view even when the program is opened normally, until such time as a preconfigured procedure of some sort was executed (possibly a unique key-combination?). Having this functionality would allow me to reveal the contents of keepass if put under duress from extortion or legalities, without having to reveal ultra-secret passwords, in order to maintain plausible deniability. I saw this strategy mentioned in some other programs, like Truecrypt, and it sure sounds like a good idea.
Create a second database that you only open when you need the ultra-secret passwords. KeePass 2.x can open multiple databases in the same instance.
And when I am told to open that database too?
you're missing the point entirely.
Data can't be made invisible. Plausible dependability relies on your ability to convince a hostile authority that finds the disguised/hidden/encrypted data that either you didn't know about it or that you can't open it. If the disguised/hidden/encrypted data is inside a KeePass database that you use all the time, then you are not going to be able to convince anyone that you didn't know about it and you can't open it.
Your best bet might be to use something like a TrueCrypt partition and keep the ultra-secret password database in that. See http://www.truecrypt.org/docs/?s=plausible-deniability. Otherwise you can adjust your KeePass settings, database names, and database locations as best you can to avoid detection.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.