strongbox-password-safe / strongbox Goto Github PK
View Code? Open in Web Editor NEWA KeePass/Password Safe Client for iOS and OS X
Home Page: https://strongboxsafe.com
License: GNU Affero General Public License v3.0
A KeePass/Password Safe Client for iOS and OS X
Home Page: https://strongboxsafe.com
License: GNU Affero General Public License v3.0
I would like to get automatic sync in place.
One way I tried was choosing sync over files and choosing a file in my nextcloud folder.
I selected "edit in place".
When now the file is changed in nextcloud, i get the error
There was a problem opening the safe.
The file doesn't exist.
instead of automatic sync.
Should I instead use "make a copy"?
But then I guess no automatic syncing would take place.
Selecting a folder entry using the radio buttons doesn’t persist for a single folder or multiple folders. If the user selects the folder, the program deselects the folder.
Steps to recreate issue:
I’m still able to use the Move and Delete functionality if I select the folder and subsequent option quick enough. This appears to be an issue in the latest update because I tried the previous version on my other phone and it works as expected. I updated that phone and experience the same issue on it as well.
Not sure if it matters, but I’m on an iPhone XS Max running 12.1.3.
I like the app password very much but there is a bug with it:
Summary:
It can happen that app locking is disabled until the app is killed and restarted.
Steps to reproduce:
(0. enable app PIN)
further comments:
This seems to be a problem for all input dialogs, it also works with the change password dialog within a safe.
It would be good to give an indicator of the quality (perhaps simple degrees of entropy) of a password, maybe with a nice Red/Yellow/Green colour indicator. This could be done on the Record View screen or perhaps in a separate Security Review screen for each Safe.
Consider adding/support an action extension similar to the one described in this StackOverflow discussion so that web logon forms can be filled easily in Safari, Chrome etc. easily.
there is no easy method of clearing the clipboard of the phone from the app.
once i've pasted in the password into the web page / app there is no way to clear the clipboard of the phone.
recommend clearing the clipboard during either the following.
Overview:
Its impossible to autofill system passwords (like icloud pw) if convenience pin is activated.
Steps to eproduce:
Comments:
Maybe the pin input can be done with the same tool as the master credentials, as they work here
It would be great if the app could remember which keyfile was used to open a database. Currently it has to be selected again each time. If database and keyfile have the same name, the keyfile could also be used automatically.
I have already mentioned my desire to have the note section of an entry selectable in a standard iOS manner, rather than just copying the whole note as it is now, but I have a further suggestion that might prove extremely useful.
To use an analogy, I'm often in a situation where I have a piece of paper that I would like to put in my safe. My partners banking details - for example. 2FA codes, things like that.
These thing don't really fit into the standard entry page, at least in a useable way.
Would it be possible to add the ability to create an entry that is purely a note, purely a 'sheet of paper'?
I think this would be invaluable, though I admit my use case could be niche.
I currently use standard notes for this type of thing, but I would love to be able to consolidate this into my main and most trusted password and document vault.
It would be good to expose the time of the last cache (Auto-Fill and Offline) so that people can see that in screens other than autofill.
I have observed a strange behavior when using a safe from the Files app. When I update the safe on my Mac and sync it via iCloud Files, the App wont open the updated safe. Instead a copy appears in my Files app.
Steps to reproduce:
Would be helpfull, when Strongbox would automatically detect the updated safe.
Thanks for expanding this application to include Keepass. I really enjoy the aesthetics, functionality, and ease of use it provides while allowing me to access my data on my iOS device.
Either I found and issue or I don't understand the expected behavior for my use case.
I have a Keepass database replicated to iCloud that I've opened/linked to in Strongbox using Edit in Place mode on my iPhone running iOS 12.1.2. This is a copy of the master database so it is periodically overwritten with an updated version using a syncing software. I can initially link the database and open it without any issues until the copy in iCloud is updated with a newer version of the same database--same master key, new timestamp--and then Strongbox crashes completely when I try to authenticate using Face ID. I've opened the Files application and made sure the database is download to my device. The only fix is to remove the linked database and add it again from iCloud. I'd expect the application to open the updated database without crashing if all parameters of the database are still the same but that is not the case.
I used KeePassXC (Version 2.3.4) to create a KeePass database with Argon2 and ChaCha20:
That file seems to work flawlessly in Strongbox (Version 1.4.0):
However, the other way around, when creating a new KeePass 2 Advanced (KDBX 4.0, ChaCha20 & Argon2D) database in Strongbox, the saved database cannot be opened in KeePassXC ("Unsupported key derivation function (KDF) or invalid parameters") :
Hi guys
I've been using IOS solution.
Now I want to open the same file I've been using on mobile on my mac with the new desktop app.
I'm getting the error "The document “XXXX.psafe” could not be opened. Strongbox cannot open files in the “Document” format."
¿Can you help me?
Thx
Nico
I try to get syncing to work. I don't have itunes, as I use Linux. I also don't have dropbox or googledrive.
So I tried webdav with nextcloud.
I can connect and it actually shows me the contents of my folder but when i select the database file (a kdbx file), I get the error:
Error Reading Safe File
The operation couldn't be completed.
(com.MattRajca.DAVKit.error error 404.)
googling it yielded nothing I could understand.
Can anyone help me? The information whether this is a bug in strongbox/nextcloud/webdav or a mistake of mine would also be appreciated.
Using the Files app, I’ve been able to copy a safe from Google drive to the Strongbox folder in iCloud, which then served as a back up for the times that Google Drive is misbehaving.
I would like a direct way to have a Strongbox create a back up on another cloud provider.
Hi,
I am trying to open my Keepass2 KDBX file in the app on an iphone. When i try to open it, the app gives me an error saying it is not a valid safe file.
I checked in my Keepass on the computer and it has AES/Rijndael 256 bit encryption (I cannot choose anything else). But i also think AES 256 is within the normal range of AES encryption.
I get no further information about what is wrong. It is just a MyKeys.kdbx file. Any other suggestions on how to fix this?
Edit: I tried creating a Keepass 2 Classic safe in the app. I synced it to my computer and tried to open it there. No problem at all. Everything works fine. It has the same encryption but 100 times more rounds. I edited the amount of rounds to the same number as the DB created by strongbox. Same error.
If I change the order of folders via another Keepass app, Strongbox displays them in standard alphabetic order, subsequently syncs back to database in this order. Is there a way to just honour the order it’s imported in?
It would be great if Strongbox could generate those OTP codes used for two factor authentication a la Google Authenticator...
QR Code support would be a bonus
With both pin code and Touch ID selected, incorrect pins code error informs of the need to re enter master credentials, but actually just reverts to Touch ID with pin disabled.
Suggest 3 fails to either Touch ID OR Pin code reverts to needing master credentials.
Many people use a Key File in conjunction with a Passphrase to open their KeePass safes. Support this in Mac, and perhaps somehow on iOS. Need to consider how this would work in the iOS setting.
Where would the file be stored?
How would this interact with Biometric ID?
Is it Passphrase AND Key File or just Key File?
Build has failed with this message:
'ISMessages/ISMessages.h' file not found
ISMessages/ISMessages.h fine not found
SafeDetailsView.m
I already mentioned this in #27 but I think it's cleaner to have a separate request:
I think it would be good if the convenience pin to expire after an amount of time, that should be choosable with a long time, maybe 6 hours or something, even better would be freely choosable time in hours.
After this amount the stored master credentials should be deleted like when the pin is entered wrong three times.
What do you think about this?
It would be useful to allow this offline cache fallback in cases other than being fully offline, e.g. cloud provider issues, bad connectivity etc.
Hi, both of your apps (iOS / macOS) are not available in the french App Store.
Is there a reason ? Needs a translation ?
It would be great to help our security here.
Thank you
When opening an existing database via the ios files app, the Synology Drive app is not shown. Other apps like iCloud or Owncloud are visible. When I open the Files app directly or via another app like whatsapp then the Synology Drive app is visible as storage location.
At first this does not sound like an issue for your software, but I could retrace that the Synology Drive app is shown in other context.
It would be nice if you could come up with a solution.
https://itunes.apple.com/app/synology-drive/id1267275421
https://www.synology.com/en-global/dsm/feature/drive
when trying to decrypt one of my databases i released it was taking a very long time to decrypt. Or rather it had the "buffering" circle but never said decrypting. After turning on Aeroplane mode on my phone it very quickly went to the "buffering" circle and the decryption text, unlocking the database very quickly.
I have deduced from this that it was syncing my networked database with the local copy, but as i was on a slow network, and i have a large database it was taking a very long time. And it was a pain as I did not need to sync and it was taking a very long time to gain access to my passwords.
As such would it be possible when strongbox is opened to query if the database(s) has been updated, by comparing latest modified dates or something? and then if the local database is the same move directly to decrypting the database. If not then provide a button to sync databases, or if the user decides not to sync make it know that they cannot make changes / the database is out of date?
Is this clear?
...almost not worth opening an issue ticket especially since I don't know if this intended design or not.
When I'm in an entry within a safe, the back indicator initially shows "<". If I select "Edit", the top bar changes to "Cancel" followed by the entry name ready to be edited. If I select "Cancel" without making any changes and revert back to the previous screen, the "<" now shows "< B..k". In the edit screen, If I make a change and select "Done", it appears as previous "<".
Google appear to have updated their api and the existing library built into version 1.7 no longer works. Need to upgrade the Google Drive library.
KeePass sync involves comparing the database before writing changes back to it. Comparing records by UUID and timestamp, and then taking the latest entry, and moving the older staler entry to History. This allows for multiple editors to work on the Database and avoid sync conflicts.
It would involve comparing the XML documents, and so applies only to KeePass 2 Databases. It also depends on the History feature which needs to be implemented separately. More info:
StrongBox does not remember the number of keystretch iterations an existing safe is opened with, and uses the default number (2048 rounds) always when saving changes.
StrongBox should remember the number of rounds, and save with this number.
We should also probably allow this to be configured in safe settings.
Both KeePass and Password Safe databases support the idea of password expiry. It would be good to display a warning, or perhaps a summary dialog of expired passwords.
Most other Keepass apps offer this distinction. I like to try to keep consistant with this type of password (as they’re made for remembering). Would be handy to choose my own separator to be consistant with previous passphrases.
Add password history. It's already in the PWSafe file format but needs to be added to the StrongBox UI.
An extension of the attack described in #40 would be to uninstall strongbox and reinstall it and re-add the password safes to circumvent protected settings.
Therefore i propose to make it impossible to import a safe if one cannot provide its credentials.
Edit: hm, maybe thats actually paranoid. Also: A workaround is to demand icloud password also for free downloads
Edit2: I don’t close this issue in case someone feels this level of paranoia is warranted.
But I‘m fine with closing it.
Edit 3: After some thought I guess, the mentioned iCloud setting is the way to go, so I close this.
Any thought about adding the option for a Safari Extension on the macOS client?
I have created a Keepass Database with KeepassXC on Windows using KDBX 4.0 format, Twofish: 256-bit and Argon2 as key derivation. The database needs a password and a keyfile (*.key) for encryption. This works flawless in KeepassXC 2.3.3 on Windows 10 and Keepass2Android 1.06f on Android 8. But on iOS 12.1.1 I get the error message "unknown cipher". Is strongbox not compatible with the choosen setting of the Keepass Database? Because in the description is written it works with Twofish and Argon2.
A possible attack may be this:
Possible solutions:
I like the second better, because it is safer. If it has the same input screen as the master credentials, i could even enter the password with autocomplete and have the password in my safe.
I looked through the code and would just like a clarification because I don't speak objective C and also am not very fluent in regular c.
Are the convenience pins also stored in the keychain and hence encrypted?
I would very much like that.
A password protection (TouchID/FaceID) for the app would be great to protect the locally stored data or the configurations for the cloud data within Strongbox. With a configurable number of failed attempts to open the app, the local data or configurations will be deleted.
There seems to be an issue causing Strongbox on macOS to freeze when clearing the search field after searching a large database (596 entries). This issue is not present when searching the same database on iOS.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.