unhelpful error "Key exchange was not successful." when native messaging host not set up

[khazhyk]

Expected Behavior

it connects to the database

Current Behavior

first: "KeePassXC-Browser has encountered an error:

Cannot connect to KeePassXC. Check that browser integration is enabled in KeePassXC settings. "

then click "reload" gives: "KeePassXC-Browser has encountered an error:

Key exchange was not successful. "

This happens if keepassXC is open or closed, suggesting to me something broken within the browser extension

Possible Solution

Steps to Reproduce

1. start firefox with keepascx-browser
2. click the icon and press reload

Context

unusable

Debug Info

KeePassXC - 2.4.1 KeePassXC-Browser - 1.4.5 Operating system: MacIntel Browser: Mozilla Firefox 67.0

[khazhyk]

debug console shows:

Connecting to native messaging host org.keepassxc.keepassxc_browser keepass.js:1003:13 Failed to connect: Unknown error keepass.js:979:13 Error: Could not establish connection. Receiving end does not exist.

so the issue was keepassxc was enabled for chrome but not firefox...

so I guess, change this to... maybe handle this error and give more helpful error message. Perhaps... "KeepassXC is not configured, please set it up in preferences > browser integration and make sure <browser> is checked" or something

[varjolintu]

Those error messages have been changed few months ago. The problem here is that the same error message is used for several situations, and there's no way to distinguish them.

[tjuerges]

Independent of whatever the error message stands for, I see the same error message on MacOS with 1.4.5/2.4.2 and Chrome.

It appears to me that this bug is so severe that renders the extension useless, doesn't it? Was this ever tested? Or "am I holding it wrong"?

[dxdc]

Independent of whatever the error message stands for, I see the same error message on MacOS with 1.4.5/2.4.2 and Chrome.

^^ same here.

[varjolintu]

Stable 2.4.2 release had a problem with linking keepassxc-proxy so the extension is not the only problem here (wrong linking doesn't launch the proxy process at all). The next extension release fixes the rest of reconnect problems. It's recommended to disable it if you encounter any problems. A warning text about it being experimental will be added.

[dxdc]

@varjolintu I tried deleting the db in the browser extension, but when I press 'Connect' now nothing happens still.

I tried disabling the proxy setting under 'Advanced' in the 2.4.2 Browser preferences, but that just causes an icon to appear/disappear in the dock every 0.5 sec or so.

Was this all covered by the new release?

KeePassXC - unknown KeePassXC-Browser - 1.4.5 Operating system: MacIntel Browser: Chrome/Chromium 74.0.3729.169

[varjolintu]

@dxdc Without the proxy the connection with KeePassXC is direct. This means KeePassXC must be closed and the browser launches it at connect/reconnect. Make sure auto-reconnect is disabled.

[dxdc]

@varjolintu I tried that; it's completely unusable. Keepasxc (proxy application) just keeps relaunching/quitting over and over and over. I had to disable the chrome extension, which wasn't easy with the keepassxc window taking focus every 0.5 sec.

[varjolintu]

@dxdc This is because of the wrong linking I said earlier. Only workaround for that is to load the previous version (or copy the proxy inside that package to the new one) until an update is uploaded.

[dxdc]

@varjolintu great suggestion.

cp /Volumes/KeePassXC/KeePassXC.app/Contents/MacOS/keepassxc-proxy /Applications/KeePassXC.app/Contents/MacOS/keepassxc-proxy

worked perfectly for now.

[varjolintu]

Another solution is to install libsodium via Homebrew.

[NullEnt1ty]

brew install libsodium

solved my problems on macOS. Thank you, @varjolintu!

[varjolintu]

And a third workaround that doesn't need any installing (https://github.com/keepassxreboot/keepassxc/issues/3209#issuecomment-498146146):

install_name_tool -change /usr/local/opt/libsodium/lib/libsodium.23.dylib "@executable_path/../Frameworks/libsodium.23.dylib" /Applications/KeePassXC.app/Contents/MacOS/keepassxc-proxy

Note that using the name tool will invalidate the app signature and prevent use of touchid. It might also impact Auto-Type

[chundychang]

I'm experiencing the same problem after I installed the newest version of Keepass (2.4.2). I re-installed the chrome extension, re-downloaded the newest version of Keepass (32 bit to match operating system), made sure the "enable browser integration" setting was on. Also, I went into the "Connected Databases" tab in KeepassXC Browser's settings and noticed that there were no connected databases there. I tried to press the "connect" button but nothing happened.

debug info below: KeePassXC - 2.4.2 KeePassXC-Browser - 1.4.6 Operating system: Win32 Browser: Chrome/Chromium 74.0.3729.169

I am totally new to coding, how do you implement the third workaround for windows 32 @varjolintu?

[varjolintu]

Are you using the portable version? If so, see https://github.com/keepassxreboot/keepassxc-browser/issues/456.

[chundychang]

@varjolintu I am using portable, but I don't understand where to find the registry key.

[varjolintu]

@chundychang See https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide :)

[buzzik]

@varjolintu Oh cmon, peoples use portable versions when thay haven't admin privileges. After upgrade to 2.4.3 i getting error "Key exchange was not successful" in Chrome and Firefox. Is there any way to fix it without admin privileges (that is needed to edit registry)

[varjolintu]

@buzzik Registry is needed to be modified to include the location of Native Messaging script file locations for Chrome and Firefox. If you cannot edit the registry, there's little you can do.

[varjolintu]

@buzzik Btw, have your tried to disable the support for your browser and then re-enable it from the KeePassXC settings?

[stratacast]

@buzzik Btw, have your tried to disable the support for your browser and then re-enable it from the KeePassXC settings?

This was the solution for me for now.

Should probably add: OS - Debian 10 KeePassXC version: 2.4.3 (compiled from source) Browser version: 1.4.6

[RexTC]

Just found the problem maybe on the KeepassXC extension coding or maybe KeepassXC browser. I have solved this issue by changing the folder name length(rename to shorter or move it to reduce folder string length) for the too long text string will be problem for extension or XC browser to processing it. I am 100% sure this is a bug in either one. I am using portable version of XC browser app, I also suspect it maybe cause by the partition format of USB that will cause the program to interpret the location of binary file. I have tested this and duplicate the same issue in different machines(Windows 10), but this does not happen in Ubuntu(Linux).

[varjolintu]

@RexTC Thank you for the info. Need to test that. The folder name is only used in the Native Messaging JSON script and in the registry. It's also possible that Native Messaging doesn't handle long names properly, but at this point it's hard to say.

[AustinLiu1988]

y

what should I modify after I found "org.keepassxc.keepassxc_browser"

[varjolintu]

@AustinLiu1988 The path, if it's wrong.

[intika]

Just for the record... was going nut with this issue since a long time and have just find the time to do some debugging and figure it out... i am using chromium, (ungoogle-chromium) + Linux... but i'll post the solution according to Firefox and other systems as well... this may help some one with a similar issue...

First thing first here is the detailed documentation (reading it is what lead me to the solution...)

• Chromium/Chrome Native Messaging
• Mozilla Native Messaging
• KeepassXC-Browser Troubleshooting Wiki

Also under chromium an easy way to debug is to open chrome://extensions/ select developer mode at the top right then click Inspect views background... under the square of KeepassXC extension... also under details button you may select collect errors...

Before going further the first thing to do is to follow the KeepassXC-Browser Troubleshooting Wiki and update/fix the json manifest file like described there

Then (and here is where my config/mistake got me stucked) the native messaging system have several location where it can be edited and or limited/denied for instance for chromium+linux a manifest json policy under /etc/chromium/policies/managed/manifest.json that contains "NativeMessagingUserLevelHosts": false, will completely block the system and will result in giving Key exchange was not successful error in that case just change the value to true or just remove that line and voila :)

The liked documentations describe different locations for the different policies, different browsers and os.

I'll probably update the wiki to provide a full troubleshooting of the native message system, sometime for some advanced setup, the manifest under the user location is not enough (like my case)

Also during the debugging you may keep the task manager open to see if the browser run keepassxc-proxy binary... also the feature need to be enabled on the KeepassXC settings.

[varjolintu]

@intika I had no idea the whole native messaging system can be limited and solved by editing the policies JSON. Is this behaviour specific to Ungoogled Chromium?

[intika]

@varjolintu no it's not specific to Ungoogled Chromium but to any Chromium based browser, in any OS... i believe Firefox have a similar policy function

[hrvojegolcic]

Had the same issue on Windows 8.1 but only with portable KeePassXC. Otherwise works fine with desktop version. Portable version has even more issues.

[masi]

Happens for me on Win10 with FF 74.0 + KeePassXC-Browser 1.6.0 2and KeePassXC 2.5.3. But this is just the current setup. I don't recall with what version the connection started to fail.

As Hrvoje Golčić I am using a portable installation of KeePassX.

[moeffju]

This has started happening to me seemingly at random a day or two ago.

KeePassXC - 2.6.4 KeePassXC-Browser - 1.7.6 Operating system: Win64 Browser: Mozilla Firefox 86.0

Tried toggling Browser Integration, restarting KPXC, all to no avail.

[varjolintu]

@moeffju Any messages in the JavaScript console, or background page console (you can find it from about:debugging)?

[moeffju]

@varjolintu I was looking for the debug console but couldn't find it, and then restarted the browser again before seeing your response. That restart seemed to have fixed it however. I did disconnect the database beforehand as well. If it happens again I'll make sure to check the debug console.

[Ferk]

I have the same issue from Windows 10. I had no issued with Google Chrome and KeepassXC (2.6.4).

However, I needed to switch to use Firefox 86 (it's not the portable version) and even though the Chrome connection works flawlessly, Firefox keeps giving the same "Key exchange was not successful".

I tried to "Disconnect all browsers" to see if the previous Chrome connection was interfering, but even after doing that I cannot connect from Firefox. I tried again to make a new connection from Chrome and it worked again, so I'm wondering if this is a Firefox issue.

I do not see any related output in the javascript console from Firefox.

[Ferk]

I went into about:devtools-toolbox?id=keepassxc-browser%40keepassxc.org&type=extension

Then I was able to see the logs for the extension, which constantly spout the following lines:

Connecting to native messaging host org.keepassxc.keepassxc_browser keepass.js:1059:13
Failed to connect: Unknown error keepass.js:1029:13
Connecting to native messaging host org.keepassxc.keepassxc_browser keepass.js:1059:13
Failed to connect: Unknown error keepass.js:1029:13
Connecting to native messaging host org.keepassxc.keepassxc_browser keepass.js:1059:13
Failed to connect: Unknown error keepass.js:1029:13

Restarting after disconnecting the browser associations from KeepassXC did not help in my case.

[varjolintu]

@Ferk Have you checked out the Troubleshooting Guide?

[JightningZ]

I had this issue and was able to solve it. I was using the extension on Edge and wanted to start using Chrome. After uninstalling everything and going through the troubleshooting guide I finally figured out how to get it to work.

I am not using the portable version. Under Application Settings -> Browser Integration -> Make sure you have your browser type checked. I only had Edge checked. Once I checked the Chrome box it started working for me!

[Bohaska]

Also having this problem. I checked and browser integration was on for all browsers. KeePassXC-Browser - 1.7.8.1 Operating system: MacIntel Browser: Chrome/Chromium 87.0.4280.141

[Sarlay]

I have the same issue but once I reboot my computer (w10) the issue is gone and comes back after some time. os: W10 browser: chromium 92.0.4490.0 extension: 1.7.8.1 keepassxc: unknow I also did those steps and everything seems to be ok (the path points to C:\Program Files\KeePassXC\keepassxc-proxy.exe) The allowed_origins matches the chrome-extension id.

EDIT: keepassxc-proxy wasn't running, I started and everything works now. I guess that the keepassxc-proxy.exe isn't start properly / killed by a program or an error

EDIT2: I am starting keepassxc-proxy with the following vbs script:

Option Explicit

Dim shell
Set shell = WScript.CreateObject("WScript.Shell")

shell.Run "C:\Windows\System32\cmd.exe /k C:\Program Files\KeePassXC\keepassxc-proxy.exe", 0, True

Set shell = Nothing

Feel free to use it !

[rammanokar]

2021.. still facing this error in firefox

[varjolintu]

2021.. still facing this error in firefox

See my first reply in this thread. Things haven't changed.

[iammursalin]

I am facing this error in Brave. On Firefox it's working.

[varjolintu]

I am facing this error in Brave. On Firefox it's working.

Try to enable support for Chrome and Chromium. Then try again.

[Mayurifag]

For any people using librewolf on linux, this dirty hotfix may help you

ln -s ~/.mozilla/native-messaging-hosts ~/.librewolf/native-messaging-hosts

source: https://github.com/keepassxreboot/keepassxc/issues/6907

[varjolintu]

For any people using librewolf on linux, this dirty hotfix may help you

ln -s ~/.mozilla/native-messaging-hosts ~/.librewolf/native-messaging-hosts

source: keepassxreboot/keepassxc#6907

..or you can just use the Custom Browser option in KeePassXC's Browser Integration settings, Advanced tab.

[rafalglowacz]

I just started getting this error in Firefox after a fresh Ubuntu installation. I hadn't used FF for a while but I remembered that it worked flawlessly before.

Apparently FF is now installed with snap in Ubuntu and snaps are not supported by KeePassXC, so the solution was to simply:

sudo snap remove firefox
sudo apt install -y firefox

[rebelC0der]

I am on Linux and I use Brave browser, but beta and nightly builds.

It works only on the main Brave browser (when executable is called brave/brave-browser)

It does not work if the executable name is: brave-beta or brave-nightly

Is there a way to make it work for those two? Is this something that can be configured from here:

If yes, how can this be done?

[varjolintu]

@RebelCoderRU Check what path Brave beta/nightly uses. It's probably .config/BraveSoftware/Brave-Browser-Beta/NativeMessagingHosts or something similar. Enter that path to the config.

[rebelC0der]

@RebelCoderRU Check what path Brave beta/nightly uses. It's probably .config/BraveSoftware/Brave-Browser-Beta/NativeMessagingHosts or something similar. Enter that path to the config.

Hey! Yes, I just did try, and it still does not work.

A few issues: 1. Custom config only has FF & Chromium (can this be why custom Brave config is not being picked up?):

https://user-images.githubusercontent.com/20476773/142197558-12fa6bef-2d30-4b6b-89aa-575711def25c.mp4

2. Those folders supposed to be empty?:

[varjolintu]

@RebelCoderRU Chromium here means it's a Chromium-based browser, just like Brave. You can use the whole path you can see in pwd in the config page.