I've searched and read a number of the existing threads on Dropbox and syncing but I either haven't found the exact circumstances, or else I have but I've not recognised them as such :(
I have two PCs: one home, one work. I use Dropbox on the home PC for several things, including KeePass. The work PC can not have the Dropbox client installed on it. It's not permitted and it does not work even if you do install it. However I do use the KPDataSave plug-in at work. I have a copy of the KeePass database on my work PC. If any changes are made to the KeePass database at my work PC then these are saved locally on that PC and, by KPDataSave, to my Dropbox web account. That new database is then immediately accessible at home via Dropbox as normal. KPDataSave is excellent, very stable and consistent - works every time.
However KPDataSave is write-only. Is there a similar mechanism that will allow my work PC to interrogate my Dropbox web account for a newer version of the KeePass database and download it if needed before attempting to open it?
Let's say I make a change at home. That change is written to a local home copy and to my Dropbox web account. My local work copy is now out of date. When at work I need to log in to my Dropbox web account to check the last data and time and possibly to download the new copy of the database. But where's my Dropbox web password? It's in my KeePass database of course! So I need to open the old work database, get the Dropbox login info, check if I need to download the new version, close the old one, download and open the new one etc etc ... (You can see where user error is going to feature heavily in the final version of this story!)
So, am I going about this entirely the wrong way? Is there a better (=simpler =more foolproof) solution to keeping two PCs synced when one of them has restrictions like this? I've tried pointing my work PC towards the URL in Dropbox when opening the database, (https://www.dropbox.com/[xxxxxxxxxxx].kdbx) but I still need to enter my ID and password for Dropbox. And they're inside the Keepass database I'm trying to open. I've no idea what they are.
I'm pretty sure I've made a major conceptual blunder in understanding how syncing should work (with or without Dropbox) but right now I can't see my way forward.
Ideas?
Thanks in advance,
Ken
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Since you can not use the Dropbox client at work and the KPDataSave plugin doesn't download you will need to do something else. Most of the alternatives are considerably more manual or will take some work and research on your part but I can think of a few places to start. Some possibilities
Use a different cloud storage service that you can access from work. There are plugins available for Google Drive and other online storage services.
Use a cloud storage service that supports access via a protocol that KeePass supports natively, such as WebDav, and create a trigger to automate the process.
At work, manually download your database from DropBox using the Dropbox web interface and use KPDataSave to upload it.
Use separate Work and Home password databases (work and home accounts probably don't overlap much).
Put your database on a USB drive, synchronize the database on the USB drive, and carry it between work and home.
Roll your own DropBox utility using the Dropbox API.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I love this forum! These well-informed, detailed and complete answers really mark this place out as a unique resource. Thank you very much - I appreciate the time and thought that has gone in to this.
I'm already doing (3) with problems as indicated in my question (where's my Dropbox password? in my Keepass database), I'm starting to separate info as in (4) and I may consider (5) as the least techy solution provided I back-up my USB regularly.
The one I can definitely rule out is (6)!
Thanks again
Ken
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Since you are already downloading from dropbox the following might work for you. It creates a complete loop that keeps all copies of a single database synchronized.
Name your work and home copies of the database differently (e.g. work.kdbx and home.kdbx). Use the home.kdbx at home and the work.kdbx at work.
At home your working database is home.kdbx. If you make a change to home.kdbx then the next day at work, download the home.kdbx from dropbox and synchronize it with the work copy of work.kdbx
At work your working database is work.kdbx. If you make a change at work then save the work.kdbx to Dropbox. When you get home, synchronize the Dropbox copies of your home.kdbx and work.kdbx
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Just a final update on how I'm working now in case it's of any benefit to others.
Because of the restrictions my employer places on various "non-approved" installations I can't use the Dropbox client, I can't install Google Drive etc.
So the problem is always at start-up at work first thing in the morning. I may have made some changes to either or both of my databases while at home the previous evening and they're potentially newer than the last copies I have on my work PC.
Since KPDataSave works so well and unobtrusively at saving my workplace changes back to the Dropbox web service, I was reluctant to keep looking for any other online storage or uploading mechanism.
So I've just created couple of desktop URL shortcuts at work: one pointing to my work database in Dropbox online and one pointing to my personal database in Dropbox online (sorry, did I mention I actually have two databases already?) The only minor change I made to the URL Dropbox provided for these was to change the final characters from "dl=0" to "dl=1" in each case. That way the URL doesn't even attempt to open the kbdx file, it goes straight to downloading it. I simply tell it where to save it, overwriting the previous copy of that database. If it's newer that's fine I've now got the latest, and if they were the same time & date then no harm done.
So far this seems to be working. The two manual click-and-save procedures are simple enough that I don't find them intrusive or time-consuming. Since all attempts at fully automating this process have failed this might just work for me.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
All this while I've been drafting an email (web based) with the database attached to manually sync between my android and pc. Reading your post has inspired me to also want to automate this task as much as possible.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I use KP2A because it correctly syncs the KeePass database and has a nice "quick unlock" feature. I load my database from the cloud but use a cached version just in case.
cheers, Paul
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
No, it's built-in and the author of KP2A would not have added it without considering the possibility of it doing bad things and trashing his reputation, so I'm sure it's checked.
Are you sure you understand KeePass plug-ins? They are not the same as browser plug-ins, in most cases.
cheers, Paul
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm just a basic computer/mobile phone/internet user here. When I first took up password concerns, a decade or more ago, I was thrilled to learn of KeePass, then it's plugins. But then I also learned that KeePass themselves suggested to log on as a normal user to remedy plugin security concerns. Doing so justified to me that there is cause for concern.
To play it safe, I've stayed away from them since, that's the origin of my concern.
Hmm, you know what, it just dawned on me that KP2A, with it's built-in plugin, isn't installed on my PC. I should trust it no more, or less, than any other app installed on my phone...ha
cheers indeed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
KeePass themselves suggested to log on as a normal user to remedy plugin security concerns
I don't think that is correct. Plug-ins are no more or less safe as an admin user vs a normal user. Once a plug-in is running it has full access to KeePass and all your passwords and if the plug-in does bad things then you are in trouble.
Plug-ins listed on the KeePass site (keepass.info) are thought to be safe, but no guarantees are given. It's up to you to decide if the additional features the plug-in provides are worth the risk that the plug-in does bad things - of course if there are reports of a bad plug-in they will be aired here.
cheers, Paul
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
That is to protect against malicious programs adding themselves to KeePass, not to stop you running plug-ins. Plug-ins, in the form of PLGX or DLL will not run unless you copy them to the KeePass.exe directory. It also assumes the malicious program is directed specifically at KeePass in the form of a plug-in. To date we have not heard of that specific attack.
cheers, Paul
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Well, what can i say, it was a personal choice made more than ten years ago. Now, being new to the smartphone arena, I do need to revisit this crossroad. I did, just like I trustef KeePassDroid (or any app), why not KP2A! Fact is, it's installed and working flawlessly with my file accessed via ftp at atspace.com for free.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi
I've searched and read a number of the existing threads on Dropbox and syncing but I either haven't found the exact circumstances, or else I have but I've not recognised them as such :(
I have two PCs: one home, one work. I use Dropbox on the home PC for several things, including KeePass. The work PC can not have the Dropbox client installed on it. It's not permitted and it does not work even if you do install it. However I do use the KPDataSave plug-in at work. I have a copy of the KeePass database on my work PC. If any changes are made to the KeePass database at my work PC then these are saved locally on that PC and, by KPDataSave, to my Dropbox web account. That new database is then immediately accessible at home via Dropbox as normal. KPDataSave is excellent, very stable and consistent - works every time.
However KPDataSave is write-only. Is there a similar mechanism that will allow my work PC to interrogate my Dropbox web account for a newer version of the KeePass database and download it if needed before attempting to open it?
Let's say I make a change at home. That change is written to a local home copy and to my Dropbox web account. My local work copy is now out of date. When at work I need to log in to my Dropbox web account to check the last data and time and possibly to download the new copy of the database. But where's my Dropbox web password? It's in my KeePass database of course! So I need to open the old work database, get the Dropbox login info, check if I need to download the new version, close the old one, download and open the new one etc etc ... (You can see where user error is going to feature heavily in the final version of this story!)
So, am I going about this entirely the wrong way? Is there a better (=simpler =more foolproof) solution to keeping two PCs synced when one of them has restrictions like this? I've tried pointing my work PC towards the URL in Dropbox when opening the database, (https://www.dropbox.com/[xxxxxxxxxxx].kdbx) but I still need to enter my ID and password for Dropbox. And they're inside the Keepass database I'm trying to open. I've no idea what they are.
I'm pretty sure I've made a major conceptual blunder in understanding how syncing should work (with or without Dropbox) but right now I can't see my way forward.
Ideas?
Thanks in advance,
Ken
Since you can not use the Dropbox client at work and the KPDataSave plugin doesn't download you will need to do something else. Most of the alternatives are considerably more manual or will take some work and research on your part but I can think of a few places to start. Some possibilities
Use a different cloud storage service that you can access from work. There are plugins available for Google Drive and other online storage services.
Use a cloud storage service that supports access via a protocol that KeePass supports natively, such as WebDav, and create a trigger to automate the process.
At work, manually download your database from DropBox using the Dropbox web interface and use KPDataSave to upload it.
Use separate Work and Home password databases (work and home accounts probably don't overlap much).
Put your database on a USB drive, synchronize the database on the USB drive, and carry it between work and home.
Roll your own DropBox utility using the Dropbox API.
I love this forum! These well-informed, detailed and complete answers really mark this place out as a unique resource. Thank you very much - I appreciate the time and thought that has gone in to this.
I'm already doing (3) with problems as indicated in my question (where's my Dropbox password? in my Keepass database), I'm starting to separate info as in (4) and I may consider (5) as the least techy solution provided I back-up my USB regularly.
The one I can definitely rule out is (6)!
Thanks again
Ken
Since you are already downloading from dropbox the following might work for you. It creates a complete loop that keeps all copies of a single database synchronized.
Hi
Just a final update on how I'm working now in case it's of any benefit to others.
Because of the restrictions my employer places on various "non-approved" installations I can't use the Dropbox client, I can't install Google Drive etc.
So the problem is always at start-up at work first thing in the morning. I may have made some changes to either or both of my databases while at home the previous evening and they're potentially newer than the last copies I have on my work PC.
Since KPDataSave works so well and unobtrusively at saving my workplace changes back to the Dropbox web service, I was reluctant to keep looking for any other online storage or uploading mechanism.
So I've just created couple of desktop URL shortcuts at work: one pointing to my work database in Dropbox online and one pointing to my personal database in Dropbox online (sorry, did I mention I actually have two databases already?) The only minor change I made to the URL Dropbox provided for these was to change the final characters from "dl=0" to "dl=1" in each case. That way the URL doesn't even attempt to open the kbdx file, it goes straight to downloading it. I simply tell it where to save it, overwriting the previous copy of that database. If it's newer that's fine I've now got the latest, and if they were the same time & date then no harm done.
So far this seems to be working. The two manual click-and-save procedures are simple enough that I don't find them intrusive or time-consuming. Since all attempts at fully automating this process have failed this might just work for me.
Hmm, interesting.
All this while I've been drafting an email (web based) with the database attached to manually sync between my android and pc. Reading your post has inspired me to also want to automate this task as much as possible.
Another interesting find, keepass2android.
I use KP2A because it correctly syncs the KeePass database and has a nice "quick unlock" feature. I load my database from the cloud but use a cached version just in case.
cheers, Paul
I just realized it comes with a built-in plug-in, I fear those so it's back to KeePassDroid for me.
What built-in plug-in? I see no additional components in my copy, just a quality port of KeePass code to Android.
cheers, Paul
Is TrayTotp a built-in plugin?
Adding TrayTOTP is just sensible for an Android password management application - it is a Google thing.
Why do you trust the author of KeePassDroid but not KP2A? Have either given you cause to be concerned about security?
cheers, Paul
So it is a plug-in, I fear those, so it's back to KeePassDroid for me.
EDIT: it's not any individual, it's the workings of plug-ins that I don't trust. I think it's an open invitation for trouble from those seeking it.
Last edit: Dude 2014-12-21
No, it's built-in and the author of KP2A would not have added it without considering the possibility of it doing bad things and trashing his reputation, so I'm sure it's checked.
Are you sure you understand KeePass plug-ins? They are not the same as browser plug-ins, in most cases.
cheers, Paul
I'm just a basic computer/mobile phone/internet user here. When I first took up password concerns, a decade or more ago, I was thrilled to learn of KeePass, then it's plugins. But then I also learned that KeePass themselves suggested to log on as a normal user to remedy plugin security concerns. Doing so justified to me that there is cause for concern.
To play it safe, I've stayed away from them since, that's the origin of my concern.
Hmm, you know what, it just dawned on me that KP2A, with it's built-in plugin, isn't installed on my PC. I should trust it no more, or less, than any other app installed on my phone...ha
cheers indeed
I don't think that is correct. Plug-ins are no more or less safe as an admin user vs a normal user. Once a plug-in is running it has full access to KeePass and all your passwords and if the plug-in does bad things then you are in trouble.
Plug-ins listed on the KeePass site (keepass.info) are thought to be safe, but no guarantees are given. It's up to you to decide if the additional features the plug-in provides are worth the risk that the plug-in does bad things - of course if there are reports of a bad plug-in they will be aired here.
cheers, Paul
Here it is pasted from below under the header "Security":
http://keepass.info/help/v2/plugins.html
That is to protect against malicious programs adding themselves to KeePass, not to stop you running plug-ins. Plug-ins, in the form of PLGX or DLL will not run unless you copy them to the KeePass.exe directory. It also assumes the malicious program is directed specifically at KeePass in the form of a plug-in. To date we have not heard of that specific attack.
cheers, Paul
Well, what can i say, it was a personal choice made more than ten years ago. Now, being new to the smartphone arena, I do need to revisit this crossroad. I did, just like I trustef KeePassDroid (or any app), why not KP2A! Fact is, it's installed and working flawlessly with my file accessed via ftp at atspace.com for free.