strongbox-password-safe / strongbox

A KeePass/Password Safe Client for iOS and OS X

Home Page: https://strongboxsafe.com

License: GNU Affero General Public License v3.0

Objective-C 75.94% C 3.50% Ruby 0.06% Swift 19.84% Rich Text Format 0.15% CSS 0.48% HTML 0.02%
password safe cryptography ios osx objective-c cocoa password-manager password-generator password-store

strongbox's Issues

syncing over files app with nextcloud yields error

I would like to get automatic sync in place.
One way I tried was choosing sync over files and choosing a file in my nextcloud folder.
I selected "edit in place".

When the file is now changed in Nextcloud, I get the error

There was a problem opening the safe.
The file doesn't exist.

instead of automatic sync.

Should I instead use "make a copy"?
But then I guess no automatic syncing would take place.

Issue with Folder and Entry Level Edit Function

Selecting a folder entry using the radio buttons doesn’t persist for a single folder or multiple folders. If the user selects the folder, the program deselects the folder.

Steps to recreate issue:

  1. Open safe
  2. Select Edit
  3. Tap radio button for a folder (radio button fills with a check mark then empties within a second)
  4. Tap again with same result
  5. Tap multiple entries and both fill and then empty in the order of my selections

I’m still able to use the Move and Delete functionality if I select the folder and subsequent option quick enough. This appears to be an issue in the latest update because I tried the previous version on my other phone and it works as expected. I updated that phone and experience the same issue on it as well.

Not sure if it matters, but I’m on an iPhone XS Max running 12.1.3.

App password bug report:

I like the app password very much but there is a bug with it:
Summary:
It can happen that app locking is disabled until the app is killed and restarted.

Steps to reproduce:
(0. enable app PIN)

  1. Kill the app (press home twice in quick succession and push Strongbox out of the top of your screen).
  2. Start strongbox
  3. Press on a safe to open it.
  4. While on the password insert dialog for your safe, leave the app.
  5. Now entering the app does not need your PIN code anymore, no matter from where you leave it, until you kill the app again (see step 1).

further comments:
This seems to be a problem for all input dialogs, it also works with the change password dialog within a safe.

Password Quality Indicator

It would be good to give an indicator of the quality (perhaps simple degrees of entropy) of a password, maybe with a nice Red/Yellow/Green colour indicator. This could be done on the Record View screen or perhaps in a separate Security Review screen for each Safe.

No easy clearing of clipboard

There is no easy method of clearing the clipboard of the phone from the app.
Once I've pasted the password into the web page / app there is no way to clear the clipboard of the phone.

I recommend clearing the clipboard during one of the following:

  1. after a set amount of time. e.g. 10 seconds.
  2. after going back into the app
  3. or a separate button on the app that clears the clipboard.

Bug Report: Convenience pin for system passwords

Overview:
It's impossible to autofill system passwords (like the iCloud password) if the convenience PIN is activated.

Steps to reproduce:

  1. go to system controls
  2. try to change your icloud password and hit the autocomplete button (named passwords? I have german ios...)
  3. strongbox asks for convenience pin but no confirmation button is there.

Comments:
Maybe the pin input can be done with the same tool as the master credentials, as they work here

Remember which keyfile was used

It would be great if the app could remember which keyfile was used to open a database. Currently it has to be selected again each time. If database and keyfile have the same name, the keyfile could also be used automatically.

A thought on notes.

I have already mentioned my desire to have the note section of an entry selectable in a standard iOS manner, rather than just copying the whole note as it is now, but I have a further suggestion that might prove extremely useful.

To use an analogy, I'm often in a situation where I have a piece of paper that I would like to put in my safe. My partner's banking details, for example. 2FA codes, things like that.
These things don't really fit into the standard entry page, at least in a usable way.

Would it be possible to add the ability to create an entry that is purely a note, purely a 'sheet of paper'?
I think this would be invaluable, though I admit my use case could be niche.
I currently use standard notes for this type of thing, but I would love to be able to consolidate this into my main and most trusted password and document vault.

Strange behaviour when using safe from Files

I have observed a strange behavior when using a safe from the Files app. When I update the safe on my Mac and sync it via iCloud Files, the app won't open the updated safe. Instead a copy appears in my Files app.
Steps to reproduce:

  1. I have a safe called 'example.kdbx' in iCloud Files and open it with Strongbox on my iPhone with the option to open in place.
  2. Now I close Strongbox and push an updated version of the safe from my Mac.
  3. When opening the safe in Strongbox again, it displays the old version of the safe (maybe cached?)
  4. In my Files app there is a second safe now, called 'example 2.kdbx'. This seems to be the file cached by Strongbox, because when I delete this file, Strongbox shows me, that the safe 'example.kdbx' does not exist, when I try to open it.
  5. Now I have to remove the link to the old file and reopen the file 'example.kdbx' again.

It would be helpful if Strongbox would automatically detect the updated safe.

Files based Database (Edit-in-place) Crash after external update

Thanks for expanding this application to include Keepass. I really enjoy the aesthetics, functionality, and ease of use it provides while allowing me to access my data on my iOS device.

Either I found an issue or I don't understand the expected behavior for my use case.

I have a KeePass database replicated to iCloud that I've opened/linked to in Strongbox using Edit in Place mode on my iPhone running iOS 12.1.2. This is a copy of the master database so it is periodically overwritten with an updated version using syncing software. I can initially link the database and open it without any issues until the copy in iCloud is updated with a newer version of the same database (same master key, new timestamp), and then Strongbox crashes completely when I try to authenticate using Face ID. I've opened the Files application and made sure the database is downloaded to my device. The only fix is to remove the linked database and add it again from iCloud. I'd expect the application to open the updated database without crashing if all parameters of the database are still the same but that is not the case.

KDBX 4.0 compatibility

I used KeePassXC (Version 2.3.4) to create a KeePass database with Argon2 and ChaCha20:

image

That file seems to work flawlessly in Strongbox (Version 1.4.0):

image

However, the other way around, when creating a new KeePass 2 Advanced (KDBX 4.0, ChaCha20 & Argon2D) database in Strongbox, the saved database cannot be opened in KeePassXC ("Unsupported key derivation function (KDF) or invalid parameters") :

image

Cannot open document

Hi guys

I've been using the iOS solution.
Now I want to open the same file I've been using on mobile on my mac with the new desktop app.
I'm getting the error "The document “XXXX.psafe” could not be opened. Strongbox cannot open files in the “Document” format."

Can you help me?

Thx
Nico

webdav source not working

I try to get syncing to work. I don't have itunes, as I use Linux. I also don't have dropbox or googledrive.

So I tried webdav with nextcloud.
I can connect and it actually shows me the contents of my folder but when I select the database file (a kdbx file), I get the error:

Error Reading Safe File
The operation couldn't be completed. 
(com.MattRajca.DAVKit.error error 404.)

Googling it yielded nothing I could understand.

Can anyone help me? The information whether this is a bug in strongbox/nextcloud/webdav or a mistake of mine would also be appreciated.

Scheduled Export Reminder/Prompt

Using the Files app, I’ve been able to copy a safe from Google drive to the Strongbox folder in iCloud, which then served as a back up for the times that Google Drive is misbehaving.

I would like a direct way to have a Strongbox create a back up on another cloud provider.

Keepass2 Kdbx file not valid

Hi,

I am trying to open my Keepass2 KDBX file in the app on an iPhone. When I try to open it, the app gives me an error saying it is not a valid safe file.

I checked in my Keepass on the computer and it has AES/Rijndael 256 bit encryption (I cannot choose anything else). But I also think AES 256 is within the normal range of AES encryption.

I get no further information about what is wrong. It is just a MyKeys.kdbx file. Any other suggestions on how to fix this?

Edit: I tried creating a Keepass 2 Classic safe in the app. I synced it to my computer and tried to open it there. No problem at all. Everything works fine. It has the same encryption but 100 times more rounds. I edited the amount of rounds to the same number as the DB created by strongbox. Same error.

Custom order not supported?

If I change the order of folders via another Keepass app, Strongbox displays them in standard alphabetic order, subsequently syncs back to database in this order. Is there a way to just honour the order it’s imported in?

Two Factor / OTP

It would be great if Strongbox could generate those OTP codes used for two factor authentication a la Google Authenticator...

QR Code support would be a bonus

Bug: Incorrect pin code 3 times allows access with just TouchID

With both pin code and Touch ID selected, the incorrect pin code error informs of the need to re-enter master credentials, but actually just reverts to Touch ID with pin disabled.
Suggest 3 fails to either Touch ID OR Pin code reverts to needing master credentials.

KeePass Key File Support

Many people use a Key File in conjunction with a Passphrase to open their KeePass safes. Support this in Mac, and perhaps somehow on iOS. Need to consider how this would work in the iOS setting.

Where would the file be stored?
How would this interact with Biometric ID?
Is it Passphrase AND Key File or just Key File?

Build Failed

Build has failed with this message:

'ISMessages/ISMessages.h' file not found

ISMessages/ISMessages.h fine not found
SafeDetailsView.m

Expiration for Convenience Unlock

I already mentioned this in #27 but I think it's cleaner to have a separate request:
I think it would be good for the convenience pin to expire after an amount of time, which should be choosable with a long time, maybe 6 hours or something; even better would be a freely choosable time in hours.
After this amount the stored master credentials should be deleted like when the pin is entered wrong three times.

What do you think about this?
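The two convenience-unlock requests on this page (one failure counter shared by PIN and Touch ID, and expiry after a chosen time) can be modelled together. This is an added sketch, not Strongbox code: the class, its method names and the in-memory "stored credentials" field standing in for a keychain item are all hypothetical, and expiry is assumed to count from the last entry of the master credentials.

```python
import hmac
import time

MAX_FAILURES = 3            # "incorrect pin code 3 times" in the bug report
EXPIRY_SECONDS = 6 * 3600   # "maybe 6 hours" in the expiry request


class ConvenienceUnlock:
    """Hypothetical model of PIN + biometric convenience unlock."""

    def __init__(self, now=time.monotonic):
        self._now = now            # injectable clock so expiry can be tested
        self._stored = None        # stands in for keychain-held master credentials
        self._pin = None
        self._enrolled_at = None
        self._failures = 0

    def enrol(self, master_credentials, pin):
        """Called after the user has typed the master credentials."""
        self._stored, self._pin = master_credentials, pin
        self._enrolled_at = self._now()
        self._failures = 0

    def _wipe(self):
        # Deleting the stored secret is what forces the master credentials.
        self._stored = self._pin = self._enrolled_at = None

    def requires_master(self):
        expired = (self._stored is not None
                   and self._now() - self._enrolled_at >= EXPIRY_SECONDS)
        if expired:
            self._wipe()
        return self._stored is None

    def attempt(self, pin, biometric_ok):
        """Return the stored credentials only if both factors pass."""
        if self.requires_master():
            return None
        pin_ok = hmac.compare_digest(pin.encode(), self._pin.encode())
        if pin_ok and biometric_ok:
            self._failures = 0
            return self._stored
        self._failures += 1        # one counter for PIN and biometric failures
        if self._failures >= MAX_FAILURES:
            self._wipe()           # fail closed, no fallback to the other factor
        return None
```
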

App Not Available (App Store)

Hi, both of your apps (iOS / macOS) are not available in the French App Store.
Is there a reason? Does it need a translation?
It would be great to help our security here.
Thank you

Synology Drive not shown in Files app

When opening an existing database via the iOS Files app, the Synology Drive app is not shown. Other apps like iCloud or Owncloud are visible. When I open the Files app directly or via another app like WhatsApp then the Synology Drive app is visible as storage location.
At first this does not sound like an issue for your software, but I could retrace that the Synology Drive app is shown in other context.

It would be nice if you could come up with a solution.

https://itunes.apple.com/app/synology-drive/id1267275421
https://www.synology.com/en-global/dsm/feature/drive

Offline Editing and Syncing

When trying to decrypt one of my databases I realised it was taking a very long time to decrypt. Or rather it had the "buffering" circle but never said decrypting. After turning on Aeroplane mode on my phone it very quickly went to the "buffering" circle and the decryption text, unlocking the database very quickly.

I have deduced from this that it was syncing my networked database with the local copy, but as I was on a slow network, and I have a large database, it was taking a very long time. And it was a pain as I did not need to sync and it was taking a very long time to gain access to my passwords.

As such, would it be possible when Strongbox is opened to query if the database(s) has been updated, by comparing latest modified dates or something? And then if the local database is the same, move directly to decrypting the database. If not, then provide a button to sync databases, or if the user decides not to sync, make it known that they cannot make changes / the database is out of date?

Is this clear?

Possible Minor UI Issue/Inconsistency...

...almost not worth opening an issue ticket especially since I don't know if this intended design or not.

When I'm in an entry within a safe, the back indicator initially shows "<". If I select "Edit", the top bar changes to "Cancel" followed by the entry name ready to be edited. If I select "Cancel" without making any changes and revert back to the previous screen, the "<" now shows "< B..k". In the edit screen, if I make a change and select "Done", it appears as previously, "<".

Advanced Sync / Merge

KeePass sync involves comparing the database before writing changes back to it. Comparing records by UUID and timestamp, and then taking the latest entry, and moving the older staler entry to History. This allows for multiple editors to work on the Database and avoid sync conflicts.

It would involve comparing the XML documents, and so applies only to KeePass 2 Databases. It also depends on the History feature which needs to be implemented separately. More info:

https://keepass.info/help/v2/sync.html
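The merge rule described in this issue (match records by UUID, keep the version with the latest timestamp, move the staler one to History) as an added sketch, not Strongbox or KeePass code. The `Entry` fields and function names are hypothetical, the sample databases are constructed, and deletions are not modelled.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timezone


@dataclass(frozen=True)
class Entry:
    uuid: str
    title: str
    password: str
    modified: datetime
    history: tuple = ()    # older versions of this entry, oldest first


def _versions(entry):
    """Every version an entry carries: its history plus its current state."""
    flat = list(entry.history) + [entry]
    return [replace(v, history=()) for v in flat]


def merge_entry(local, remote):
    """Latest modification wins; every other version is kept as history."""
    by_time = {}
    for v in _versions(local) + _versions(remote):
        # Versions with the same timestamp are treated as the same edit;
        # on a tie the local copy is kept (assumption of this sketch).
        by_time.setdefault(v.modified, v)
    ordered = [by_time[t] for t in sorted(by_time)]
    return replace(ordered[-1], history=tuple(ordered[:-1]))


def merge_databases(local, remote):
    """Merge two {uuid: Entry} maps without dropping either side's edits."""
    merged = {}
    for uuid in local.keys() | remote.keys():
        a, b = local.get(uuid), remote.get(uuid)
        if a is not None and b is not None:
            merged[uuid] = merge_entry(a, b)
        else:
            merged[uuid] = a if a is not None else b
    return merged


def _t(hour):
    return datetime(2019, 1, 1, hour, tzinfo=timezone.utc)


# Constructed sample data: u1 was edited on both devices.
LOCAL = {"u1": Entry("u1", "Mail", "old-pw", _t(9)),
         "u2": Entry("u2", "Bank", "local-only", _t(10))}
REMOTE = {"u1": Entry("u1", "Mail", "new-pw", _t(12)),
          "u3": Entry("u3", "Wiki", "remote-only", _t(11))}

if __name__ == "__main__":
    for e in merge_databases(LOCAL, REMOTE).values():
        print(e.uuid, e.password, [h.password for h in e.history])
```
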

Password Expiry

Both KeePass and Password Safe databases support the idea of password expiry. It would be good to display a warning, or perhaps a summary dialog of expired passwords.

Password History Support

Add password history. It's already in the PWSafe file format but needs to be added to the StrongBox UI.

Design request: make safes only importable if the user has its master credentials

An extension of the attack described in #40 would be to uninstall strongbox and reinstall it and re-add the password safes to circumvent protected settings.
Therefore I propose to make it impossible to import a safe if one cannot provide its credentials.

Edit: hm, maybe that's actually paranoid. Also: A workaround is to demand the iCloud password also for free downloads

Edit2: I don't close this issue in case someone feels this level of paranoia is warranted.
But I‘m fine with closing it.

Edit 3: After some thought I guess, the mentioned iCloud setting is the way to go, so I close this.

KDBX 4 database with password and key needed to encrypt leads to error "unknown cipher"

I have created a Keepass Database with KeepassXC on Windows using KDBX 4.0 format, Twofish: 256-bit and Argon2 as key derivation. The database needs a password and a keyfile (*.key) for encryption. This works flawlessly in KeepassXC 2.3.3 on Windows 10 and Keepass2Android 1.06f on Android 8. But on iOS 12.1.1 I get the error message "unknown cipher". Is Strongbox not compatible with the chosen setting of the Keepass Database? Because in the description is written it works with Twofish and Argon2.

Design request: protect app settings with password

A possible attack may be this:

  1. Your "friend" gets hold of your phone, goes to Strongbox and sets "autolock database" from "immediately" to "never".
  2. She hands it back and asks you to log into some account for whatever made-up reason.
  3. She gets hold of your phone again and goes to the safe, which is still open.

Possible solutions:

  1. make database autolocking a "per safe" setting that is changed inside the safe.
    Or
  2. protect all app settings by a password.

I like the second better, because it is safer. If it has the same input screen as the master credentials, I could even enter the password with autocomplete and have the password in my safe.

Question: Handling of convenience pins

I looked through the code and would just like a clarification because I don't speak Objective-C and also am not very fluent in regular C.

Are the convenience pins also stored in the keychain and hence encrypted?
I would very much like that.

Protect App with a Password

A password protection (TouchID/FaceID) for the app would be great to protect the locally stored data or the configurations for the cloud data within Strongbox. With a configurable number of failed attempts to open the app, the local data or configurations will be deleted.

Freeze when clearing search field on macOS

There seems to be an issue causing Strongbox on macOS to freeze when clearing the search field after searching a large database (596 entries). This issue is not present when searching the same database on iOS.
