KeePassXC-Browser chrome extension doesn't work in Brave on MacOS

[derzahla]

Description

KeePassXC-Browser chrome extension doesn't work in Brave or Brave-dev on MacOS. I have confirmed the extension works in Chrome.

Steps to Reproduce

1. Install KeePassXC-Browser extension
2. Enable browser integration for brave in KeePassXC (creates Brave-Browser/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json - I copied manually for Brave-Browser-Dev)
3. Try to connect to KeePassXC through the extension

Actual result:

Key exchange was not successful.

Expected result:

Reproduces how often:

Consistant

Brave version (brave://version info)

Version/Channel Information:

Brave	0.68.86 Chromium: 75.0.3770.100 (Official Build) dev(64-bit)
Revision	cd0b15c8b6a4e70c44e27f35c37a4029bad3e3b0-refs/branch-heads/3770@{#1033}
OS	Mac OS X

• Can you reproduce this issue with the current release? yes
• Can you reproduce this issue with the beta channel? didnt try
• Can you reproduce this issue with the dev channel? yes
• Can you reproduce this issue with the nightly channel? didnt try

Other Additional Information:

• Does the issue resolve itself when disabling Brave Shields? n/a
• Does the issue resolve itself when disabling Brave Rewards? n/a
• Is the issue reproducible on the latest version of Chrome? No, extension works as expected on latest Chrome

Miscellaneous Information:

See related report on keepassxc-browser github: https://github.com/keepassxreboot/keepassxc-browser/issues/541

debug info:

Connecting to native messaging host org.keepassxc.keepassxc_browser keepass.js:969 Failed to connect: Specified native messaging host not found. keepass.js:1192 Objectmessage: (...)get message: ƒ ()arguments: (...)caller: (...)length: 0name: ""__proto__: ƒ ()apply: ƒ apply()arguments: (...)bind: ƒ bind()call: ƒ call()caller: (...)constructor: ƒ Function()length: 0name: ""toString: ƒ toString()Symbol(Symbol.hasInstance): ƒ [Symbol.hasInstance]()get arguments: ƒ ()set arguments: ƒ ()get caller: ƒ ()set caller: ƒ ()__proto__: Object[[FunctionLocation]]: <unknown>[[Scopes]]: Scopes[0]No properties[[Scopes]]: Scopes[0]No properties__proto__: Object browser-polyfill.min.js:1 Returning a Promise is the preferred way to send a reply from an onMessage/onMessageExternal listener, as the sendResponse will be removed from the specs (See https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/runtime/onMessage) Error at B (chrome-extension://oboonakemofpalcgghocfoadofidjkkk/browser-polyfill.min.js:1:8152) at chrome-extension://oboonakemofpalcgghocfoadofidjkkk/background/event.js:108:9 B @ browser-polyfill.min.js:1 keepass.js:1078 Error 5: Cannot connect to KeePassXC. Check that browser integration is enabled in KeePassXC settings. keepass.js:993 Connecting to native messaging host org.keepassxc.keepassxc_browser keepass.js:969 Failed to connect: Specified native messaging host not found. keepass.js:1192 {}message: (...)get message: ƒ ()arguments: (...)caller: (...)length: 0name: ""__proto__: ƒ ()apply: ƒ apply()arguments: (...)bind: ƒ bind()call: ƒ call()caller: (...)constructor: ƒ Function()length: 0name: ""toString: ƒ toString()Symbol(Symbol.hasInstance): ƒ [Symbol.hasInstance]()get arguments: ƒ ()set arguments: ƒ ()get caller: ƒ ()set caller: ƒ ()__proto__: Object[[FunctionLocation]]: <unknown>[[Scopes]]: Scopes[0][[Scopes]]: Scopes[0]No properties__proto__: constructor: ƒ ()__proto__: Object keepass.js:1078 Error 9: Key exchange was not successful.

[HarukaMa]

According to https://github.com/browserpass/browserpass-native/issues/43#issuecomment-481794094, this is caused by Brave browser still looking for native messaging hosts definitions from ~/Library/Application Support/Google/Chrome/NativeMessagingHosts, not ~/Library/Application Support/BraveSoftware/Brave-Browser{,-Dev,...}/NativeMessagingHosts.

I think this is a completely unexpected behavior and a bug of Brave browser.

[bsclifton]

@HarukaMa good catch - I believe we have a bug captured for this with https://github.com/brave/brave-browser/issues/5272

We did have this solved in Muon, but we didn't carry over the behavior cc: @bridiver

[jobeleau2]

I did install Brave browser for the first time today and that leads me to the same connecting problem described here (thanks HarukaMa!). Brave Version 1.2.43 Chromium: 79.0.3945.130 (Official Build) (64-bit), MacOS 10.13.6, KeePassXC 2.5.2, KeePassXC-Browser extension 1.5.4. My solution to make it works was to enable browser integration for Google Chrome in KeePassXC (Brave is not even enabled!). So this bug still needs to be taken care of…

[haloid2010]

I had the same issue.

Brave Version 1.2.43 Chromium: 79.0.3945.130 (Official Build) (64-bit) KeePassXC-Browser Version: 1.5.4 KeePassXC Version: 2.5.3

Like @jobeleau2, enabling Google Chrome in KeePassXC browser integration settings fixed the issue.

[codeitlikecody]

Still occurring in Brave Version 1.8.96 Chromium: 81.0.4044.138 (Official Build) (64-bit) KeePassXC-Browser Version: 1.6.3 KeePassXC Version: 2.5.4 MacOS Catalina Version 10.15.4 (19E287)

Like @jobeleau2, and @haloid2010, enabling Google Chrome in KeePassXC browser integration settings fixed the issue.

[ArneTR]

Strangely some similar fixed worked for me on macOS Catalina, running Brave and KeepassXC.

I started Brave with debugging enabled (https://www.chromium.org/for-testers/enable-logging) and could see, that the manifest for KeepasssXC Extension could not be found.

It was already in the following locations:

~/Library/Application\ Support/Chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json ~/Library/Application\ Support/BraveSoftware/Brave-Browser/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json

but I had to also copy it to: ~/Library/Application\ Support/Google/Chrome/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json

Very strange. Why is Brave looking there? I do not necessarily want my Native Messaging Hosts started from a "different" Browser ...?!

Note: I did have Google Chrome and Chromium activated in KeepassXC Browser Integration Tab

[bridiver]

@ArneTR we look for them in Google/Chrome/NativeMessagingHosts because that is where the native extension apps normally put them. I don't know why Keypass is putting it in Chromium/NativeMessagingHosts, but that is not something we control. They are not "started from a different browser", that is just the location of the file that tells Brave (or Chrome) how to connect to the native app side of the extension. We also don't have the option of looking in more than one place because there is a single DIR_NATIVE_MESSAGING that the chromium code uses. We actually had to override it from the default of Chromium to Google/Chrome or many extensions (like 1password) don't work. I'm not sure if I would necessarily call this a Keypass "bug", but this works fine for extensions that use Google/Chrome/NativeMessagingHosts. I'm sure we have a contact at Keypass so we'll try to follow up with them

[bridiver]

@jonathansampson maybe we can look in Chromium/NativeMessagingHosts and BraveSoftware/Brave-Browser/NativeMessagingHosts and copy any missing files to Google/Chrome/NativeMessagingHosts? @diracdeltas do you see any potential security issues with that? It shouldn't impact Chrome because if the extension isn't installed the native messaging manifest won't do anything

[diracdeltas]

sgtm, assuming permissions on Chromium/NativeMessagingHosts and BraveSoftware/Brave-Browser/NativeMessagingHosts are not less strict than Google/Chrome/NativeMessagingHosts

[AggamR]

still an issue.

[bridiver]

I guess I'm not sure how we want to handle this moving forward. We originally used Google/Chrome/NativeMessagingHosts because otherwise extensions didn't work at all since they didn't put the files in BraveSoftware/Brave-Browser/NativeMessagingHosts. Maybe we should actually go the other way around and start using BraveSoftware/Brave-Browser/NativeMessagingHosts as the default now that extensions have been updated to start using it.

[alensiljak]

I get the same on Linux. Looks like this is not MacOS-specific.

[vwalek]

Strangely some similar fixed worked for me on macOS Catalina, running Brave and KeepassXC.

I started Brave with debugging enabled (https://www.chromium.org/for-testers/enable-logging) and could see, that the manifest for KeepasssXC Extension could not be found.

It was already in the following locations:

~/Library/Application\ Support/Chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json ~/Library/Application\ Support/BraveSoftware/Brave-Browser/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json

but I had to also copy it to: ~/Library/Application\ Support/Google/Chrome/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json

Very strange. Why is Brave looking there? I do not necessarily want my Native Messaging Hosts started from a "different" Browser ...?!

Note: I did have Google Chrome and Chromium activated in KeepassXC Browser Integration Tab

Works for me on Linux.

# cp ~/.config/google-chrome/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json ~/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/

[ghost]

I know you're on MacOS, but try the troubleshooting I did from this reddit post I made. https://www.reddit.com/r/brave/comments/oxoc9j/keepassxc_and_brave/

What I mean is, search for keepassxc-proxy, then modify ~/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json

[vbouiller]

Context

This is still an issue with Brave 1.37.111, KeePassXC 2.7.1 on macOS Monterey 12.3.1, getting the "Key exchange was not successful." error. Works perfectly fine with Firefox, and I don't have neither Chrome nor Chromium installed.

Fix

After fumbling through the ~/Library/Application Support/{Mozilla,Google/Chrome,Chromium,BraveSoftware/Brave-Browser}/NativeMessagingHosts folders, I bypassed the issue this way:

1. Delete the json files and symlinks everywhere in those folders (except in the Mozilla folder as it worked as intended for Firefox)
2. Closed Brave and KeePassXC
3. Re-launched KeePassXC, enabled browser integration with Google Chrome (only Firefox was enabled as the json file didn't exist anymore in the other folders)
4. Re-launched Brave
5. Connect to database
6. The json file is only present in the Google/Chrome (and Mozilla) folders, nothing in Chromium and BraveSoftware/Brave-Browser

Conclusion

Beyond the choice of where Brave should look for the manifest (BraveSoftware/Brave-Browser/NativeMessagingHosts would be the most logical choice in my opinion), this seems like a KeePassXC bug, as KeePassXC explicitely allows to chose which browser(s) we want to connect to, and is clearly mishandling the Brave case.

[bridiver]

Beyond the choice of where Brave should look for the manifest (BraveSoftware/Brave-Browser/NativeMessagingHosts would be the most logical choice in my opinion), this seems like a KeePassXC bug, as KeePassXC explicitely allows to chose which browser(s) we want to connect to, and is clearly mishandling the Brave case.

@vbouiller it's slightly more complex than this as explained above. Initially no extensions put things in BraveSoftware/Brave-Browser/NativeMessagingHosts and now I think there's a mix. The solution I think is to check a list of locations starting from Brave -> Chrome -> Chromium

[derzahla]

I just noticed this was still open with the recent comments, but for me personally it is closed. I switched from keepass to bitwarden-rs(now vaultwarden) and never looked back. Would highly recommend it, it easily imports keepass dumps.

[martin-braun]

Same. I have KeePassXC for Mac installed. I enabled the browser integration for Brave, my DB is open. Clicking on Connect in this extension does nothing, though.

No console logs in the extension as well.

[jobeleau2]

martin-braun, I use it with Brave for many years now. May be you have to enable it for Chrome (same framework, if i remember well).

[martin-braun]

@jobeleau2 I tried that without luck. I enabled Chrome, Chromium and Brave, my database is open, but the extension reports no database and the connect button still does nothing.

[adampiskorski]

Adding both Google Chrome and Chromium fixed it for me. I didn't check if only one of them would work.