MacPass / KeePassKit

KeePass Database loading, storing and manipulation framework

setProtectPassword usage #38

Closed rajivshah3 closed 6 years ago

rajivshah3 commented 6 years ago

I'm implementing KeePassKit into an iOS app so that users can create KDBX files and export them. I'm a bit new to KeePass in general. I noticed the setProtectPassword function https://github.com/MacPass/KeePassKit/blob/278f66d41c2ade5119abf8fd303696118cc0549c/KeePassKit/Core/KPKEntry.m#L588 but I'm not sure how to call it. It seems important, however. How do I call it and what does it do?

mstarke commented 6 years ago

Hi Rajiv, KDBX files consist of a tree of groups and entries. Entries contain a key-value store with some pre-defined keys (Username, Password, Title, URL, …). Each attribute can be set to be protected (in memory) to harden the security.

You can set "protect" to YES for every single attribute. In older versions of KeePass, you were able to set those flags for the whole database for the default values. This behaviour has been removed and is replaced with a default behaviour of setting protect to YES for passwords all the time, regardless of what they were set to.

What does protect mean in terms of behaviour: On serialisation, protected attributes will get XORed with a random stream before being written to XML. KeePassKit will store attributes XORed in memory regardless of their protected setting, so for the run-time behaviour this flag doesn't have any effect.

If you have any more questions, feel free to ask.

I'd love to see your results for an iOS client, but keep in mind that GPL software is not compatible with the App Store.
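An added illustration, not part of the original thread and not KeePassKit code: this Python models the serialisation behaviour described in the reply above, where values marked protected are XORed with one keystream consumed in document order and written base64-encoded with `Protected="True"`, while unprotected values stay readable in the XML. The keystream is a SHA-256 counter-mode stand-in for the KDBX stream cipher, and `StandInStream`, `write_entry`, `read_entry` and the sample entry are names and data constructed for this example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

class StandInStream:
    """Stand-in keystream (SHA-256 counter mode), NOT the KDBX stream cipher."""
    def __init__(self, key: bytes):
        self.key, self.counter, self.buf = key, 0, b""

    def xor(self, data: bytes) -> bytes:
        # Consume len(data) keystream bytes; the position advances on every call.
        while len(self.buf) < len(data):
            self.buf += hashlib.sha256(self.key + self.counter.to_bytes(8, "big")).digest()
            self.counter += 1
        pad, self.buf = self.buf[:len(data)], self.buf[len(data):]
        return bytes(a ^ b for a, b in zip(data, pad))

def write_entry(attrs, stream) -> str:
    # attrs: constructed (key, value, protect) tuples, serialised in order.
    entry = ET.Element("Entry")
    for key, value, protect in attrs:
        s = ET.SubElement(entry, "String")
        ET.SubElement(s, "Key").text = key
        v = ET.SubElement(s, "Value")
        if protect:
            v.set("Protected", "True")
            v.text = base64.b64encode(stream.xor(value.encode())).decode()
        else:
            v.text = value
    return ET.tostring(entry, encoding="unicode")

def read_entry(xml_text, stream) -> dict:
    # Must walk values in the same document order to stay in sync with the stream.
    out = {}
    for s in ET.fromstring(xml_text).iter("String"):
        v = s.find("Value")
        text = v.text or ""
        if v.get("Protected") == "True":
            text = stream.xor(base64.b64decode(text)).decode()
        out[s.find("Key").text] = text
    return out

SAMPLE = [("Title", "Mail", False), ("UserName", "alice", False),
          ("Password", "correct horse", True), ("PIN", "4821", True)]  # constructed
xml_text = write_entry(SAMPLE, StandInStream(b"inner-key"))
restored = read_entry(xml_text, StandInStream(b"inner-key"))
```

Because every protected value draws from the same stream, a reader that skips or reorders a protected value decodes everything after it incorrectly.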

rajivshah3 commented 6 years ago

Thanks so much for your detailed reply, Michael! I understand better now.

> GPL software is not compatible with the App Store.

😬 I didn't know this (just realized it was in the readme), thanks so much for letting me know. Unfortunately, given the license I don't think I'll be able to use this library. Nevertheless, it's very well done! Thanks again for your help.