
Writing and saving to V4-ChaCha-AES/test123-ChaCha20-AES saves them with AES encryption

Open ng-23 opened this issue 2 years ago • 3 comments

I tried adding a new group and entry to the test databases in the title and their encryption was changed from ChaCha20 to AES. I suspect it has something to do with (1) both files being KDBX 3.1 and (2) ChaCha20 encryption being reserved for KDBX 4.x in KeePass versions 2.44+, as mentioned here.

ng-23 avatar Jul 21 '22 18:07 ng-23

I'm not clear what you are describing here, can you clarify, please?

jorabin avatar Aug 09 '22 16:08 jorabin

Basically, if you made any changes to the cipher algorithm/KDF algorithm (i.e. chose ChaCha20 instead of AES as the cipher), saving with the API will ignore them and assume the defaults (AES for cipher and KDF, as well as default transform rounds for KDF). I think it mainly has to do with how the save method in KdbxStreamFormat creates a default KDBX header itself each time and uses that when saving the database. Since the method itself is making the header, you have no control over it and thus whatever fields a KdbxHeader object has when its constructor is called is what the header of your database will have after saving, which may/may not be what you wanted.

In my fork, I added another save method to KdbxStreamFormat that takes a KdbxHeader as a parameter and uses it instead of creating a new KdbxHeader itself. This would allow you to create a KdbxHeader yourself outside the save method, customize its fields with the setters, and then pass it to that save method. I don't know if this is the best solution but it does give you control over the header and allows for saving with more than just AES for cipher and KDF.

ng-23 avatar Aug 09 '22 16:08 ng-23

Thanks for the clarification. That's definitely one for the list.

jorabin avatar Aug 09 '22 16:08 jorabin

This turned out to be a lot more complicated than I had expected. The basic idea has been to add a method to the underlying Database interface

   <C extends StreamConfiguration> void save(StreamFormat<C> streamFormat, Credentials credentials, OutputStream outputStream) throws IOException;

For most purposes StreamFormat is KdbxStreamFormat and StreamConfiguration is KdbxHeader.

The static methods load for the various Database implementations also get a StreamFormat parameter.

The simple implementation is yet to be done at the time of this comment. Watch for that commit.

jorabin avatar May 07 '23 20:05 jorabin

closed in 2.2.1

jorabin avatar Aug 22 '23 11:08 jorabin
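
To confirm which cipher a saved file actually declares, the outer KDBX header can be read directly, without the library. The following is an added example, not code from this thread or from KeePassJava2: it uses only the JDK, the class and method names (`KdbxCipherCheck`, `cipherOf`, `sampleHeader`) are hypothetical, and the sample headers are constructed. It handles both the 2-byte field lengths of KDBX 3.x and the 4-byte lengths of KDBX 4.x.

```java
import java.io.*;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.Arrays;
import java.util.UUID;

public class KdbxCipherCheck {
    // Cipher identifiers defined by the KDBX format.
    static final UUID AES = UUID.fromString("31c1f2e6-bf71-4350-be58-05216afc5aff");
    static final UUID CHACHA20 = UUID.fromString("d6038a2b-8b6f-4cb5-a524-339a31dbb59a");

    /** Reads the cipher UUID (outer header field 2) from a KDBX 3.x or 4.x stream. */
    static UUID cipherOf(InputStream in) throws IOException {
        DataInputStream d = new DataInputStream(in);
        byte[] fixed = new byte[12];                       // two signatures + version
        d.readFully(fixed);
        ByteBuffer b = ByteBuffer.wrap(fixed).order(ByteOrder.LITTLE_ENDIAN);
        if (b.getInt() != 0x9AA2D903 || b.getInt() != 0xB54BFB67)
            throw new IOException("not a KDBX 3.x/4.x file");
        int lenSize = (b.getInt() >>> 16) >= 4 ? 4 : 2;    // major version decides length width
        while (true) {
            int id = d.readUnsignedByte();
            byte[] raw = new byte[4];                      // zero-padded so 2-byte lengths fit an int
            d.readFully(raw, 0, lenSize);
            int len = ByteBuffer.wrap(raw).order(ByteOrder.LITTLE_ENDIAN).getInt();
            if (len < 0 || len > (1 << 20)) throw new IOException("implausible field length " + len);
            byte[] data = new byte[len];
            d.readFully(data);
            if (id == 0) throw new IOException("header ended without a cipher field");
            if (id == 2 && len == 16) {
                ByteBuffer u = ByteBuffer.wrap(data);      // UUID bytes are stored in string order
                return new UUID(u.getLong(), u.getLong());
            }
        }
    }

    /** Constructed sample: signatures, version major.0 and one cipher field; not a full database. */
    static byte[] sampleHeader(int major, UUID cipher) {
        ByteBuffer b = ByteBuffer.allocate(64).order(ByteOrder.LITTLE_ENDIAN);
        b.putInt(0x9AA2D903).putInt(0xB54BFB67).putInt(major << 16).put((byte) 2);
        if (major >= 4) b.putInt(16); else b.putShort((short) 16);
        b.order(ByteOrder.BIG_ENDIAN)
         .putLong(cipher.getMostSignificantBits()).putLong(cipher.getLeastSignificantBits());
        return Arrays.copyOf(b.array(), b.position());
    }

    public static void main(String[] args) throws IOException {
        for (int major : new int[] {3, 4}) {
            UUID c = cipherOf(new ByteArrayInputStream(sampleHeader(major, CHACHA20)));
            String name = c.equals(CHACHA20) ? "ChaCha20" : c.equals(AES) ? "AES" : c.toString();
            System.out.println("KDBX " + major + ".x header cipher: " + name);
        }
    }
}
```

Calling `cipherOf` on a `FileInputStream` of the database before and after a save shows whether the declared cipher changed, which makes the check usable as a regression assertion in a test suite.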