Skip to content

purejava/keepassxc-proxy-access

Repository files navigation

keepassxc-proxy-access

keepassxc-proxy-access

Publish to Maven Central Codacy Badge Maven Central License Donate

A Java library to access KeePassXC via its build-in proxy. Requires KeePassXC 2.6.0 or newer.

Dependency

Add keepassxc-proxy-access as a dependency to your project.

<dependency>
    <groupId>org.purejava</groupId>
    <artifactId>keepassxc-proxy-access</artifactId>
    <version>1.2.5</version>
</dependency>

Usage

The library uses the JSON data format to communicate with KeePassXC. The underlying TweetNaCL crypto library provides the crypto_box functionality that is used to set up an encrypted and secure channel for the components to communicate with each other.

It's fast, easy to use and cross-platform.

Examples on how to use the library can be found in the Maven test classes.

You need to establish a connection to KeePassXC first:

var kpa = new KeepassProxyAccess();
kpa.connect();
kpa.associate();

You'll get an AssociateID and the public key of an IDKeypair created during the initial connection. Both pieces of data combined are needed for further connections. As both are public data, there is no need to store them securely.

Next steps:

    var id = kpa.getAssociateId();
    var keyPair = kpa.getIdKeyPairPublicKey();

    var idKeyMap = List.of(Map.of("id", id, "key", keyPair)); // java 21
    var logins = kpa.getLogins("https://login.url.com/", "", true, idKeyMap);
    // System.out.println(logins) // nested map with credentials

keepassxc-protocol

Communication with KeePassXC happens via the KeePassXC protocol. Currently, the following functionality is implemented:

  • change-public-keys: Request for passing public keys from client to server and back.
  • get-databasehash: Request for receiving the database hash (SHA256) of the current active database.
  • associate: Request for associating a new client with KeePassXC.
  • test-associate: Request for testing if the client has been associated with KeePassXC.
  • generate-password: Request for generating a password. KeePassXC's settings are used.
  • get-logins: Requests for receiving credentials for the current URL match.
  • set-login: Request for adding or updating credentials to the database.
  • lock-database: Request for locking the database from client.
  • get-database-groups: Request to retrieve all database groups together with their groupUuids.
  • create-new-group: Request to create a new group for the given name or path.
  • get-totp: Request for receiving the current TOTP.
  • delete-entry: Request for deleting an entry in the database, identified by its uuid (KeePassXC 2.7.0 and newer).
  • request-autotype: Request autotype from the KeePassXC database (KeePassXC 2.7.0 and newer).
  • passkeys-get: Request for Passkeys authentication (KeePassXC 2.7.7 and newer).
  • passkeys-register: Request for Passkeys credential registration (KeePassXC 2.7.7 and newer).
  • database-locked: A signal from KeePassXC, the current active database is locked.
  • database-unlocked: A signal from KeePassXC, the current active database is unlocked.

Donation

If you like this project, you can give me a cup of coffee :)

paypal

Copyright

Copyright (C) 2021-2024 Ralph Plawetzki

The keepassxc-proxy-access logo is based on an ICONFINDER logo that is published under the Creative Commons Attribution 3.0 Unported licence (CC BY 3.0). I modified the icon to my needs by changing the interior and adding the KeePassXC logo.

The KeePassXC logo is Copyright (C) of https://keepassxc.org/