libkeepass / pykeepass

Python library to interact with keepass databases (supports KDBX3 and KDBX4)
https://pypi.org/project/pykeepass/
GNU General Public License v3.0

Provide access to master seed #359

Closed janbrummer closed 9 months ago

janbrummer commented 10 months ago

We are currently developing YubiKey and Smartcard support integration for GNOME Secrets, and this implementation should of course be compatible with other KeePass applications like KeePassXC: https://gitlab.gnome.org/World/secrets/-/merge_requests/757

For the challenge-response method of YubiKey, KeePassXC is making use of the master seed of the database file. The result in turn is added to the transform key.

Currently pykeepass does not provide access to the master seed WITHOUT unlocking the database. But as this is in this case necessary to compute the correct hash, we need to read the data first and do the unlock in a second step.

Could you please provide such an API?

janbrummer commented 10 months ago

Adding @A6GibKm

Evidlo commented 10 months ago

Sure, this is something I'm open to. Probably the right way to do this is by adding a construct `If` conditional around the body and only parsing if some `decrypt` argument is True.

Evidlo commented 10 months ago

Also I understand Secrets may access other properties in kdbx_parsing, such as what KDFs are available. It would probably be good to give them public APIs.
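
The request at the top of this thread, as an added example that is not part of the issue and not pykeepass API: the KDBX outer header is stored unencrypted, so the master seed (header field 4) can be read before any credentials are supplied. The function names and the sample header are constructed for illustration; the parser goes slightly beyond the thread by handling both the KDBX3 (2-byte) and KDBX4 (4-byte) field length formats.

```python
import struct

KDBX_SIGNATURES = (0x9AA2D903, 0xB54BFB67)  # the two KeePass 2.x file signatures
END_OF_HEADER, MASTER_SEED = 0, 4           # outer header field ids


def read_outer_header(data: bytes) -> dict:
    """Return {field_id: value} from the unencrypted outer header of a KDBX file."""
    if len(data) < 12 or struct.unpack_from("<II", data) != KDBX_SIGNATURES:
        raise ValueError("not a KDBX file")
    _minor, major = struct.unpack_from("<HH", data, 8)
    if major not in (3, 4):
        raise ValueError(f"unsupported KDBX major version {major}")
    len_fmt = "<H" if major == 3 else "<I"  # KDBX3: 2-byte length, KDBX4: 4-byte
    len_size = struct.calcsize(len_fmt)
    fields, pos = {}, 12
    while pos + 1 + len_size <= len(data):
        field_id = data[pos]
        (length,) = struct.unpack_from(len_fmt, data, pos + 1)
        pos += 1 + len_size
        if pos + length > len(data):
            raise ValueError("field length runs past end of data")
        fields[field_id] = data[pos:pos + length]
        pos += length
        if field_id == END_OF_HEADER:
            return fields  # everything after this point is not outer header
    raise ValueError("header not terminated")


def read_master_seed(data: bytes) -> bytes:
    """Master seed (header field 4), read without unlocking the database."""
    seed = read_outer_header(data).get(MASTER_SEED)
    if seed is None or len(seed) != 32:
        raise ValueError("missing or malformed master seed (expected 32 bytes)")
    return seed


def _field(field_id: int, value: bytes) -> bytes:
    # Hypothetical helper: encode one KDBX4 header field for the sample below.
    return bytes([field_id]) + struct.pack("<I", len(value)) + value


# Constructed KDBX4 header for demonstration, not taken from a real database.
SAMPLE_SEED = bytes(range(32))
SAMPLE = (struct.pack("<IIHH", *KDBX_SIGNATURES, 0, 4)
          + _field(3, struct.pack("<I", 1))      # compression flags: gzip
          + _field(MASTER_SEED, SAMPLE_SEED)
          + _field(END_OF_HEADER, b"\r\n\r\n"))
```

A caller would pass the first few kilobytes of the database file to `read_master_seed`, perform the challenge-response step with the result, and only then unlock the database.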