BryanJacobs closed 4 months ago
Closes #311
This looks good so far. I'll ask to move the contents of multifactor_auth.rst
into a new section in the README as that's where our examples currently live.
I'll hold off on merging until the thread over at keepassxc is mostly resolved.
Sorry, accidentally auto-closed as I updated my branch. I will reopen this momentarily with your requested changes.
This adds support for using the hmac-secret FIDO extension to contribute keying material for a KeePass 4 file.
It does this by storing an additional XML statekeeping blob in the outer ("public") header. This blob is designed to hold a variety of different authentication factors, such as passwords, key files, and YubiKey challenge-response devices.
The implementation here has support for passwords (primitively - no brute-force resistance), key files, and FIDO2 authenticators. It contains documentation about the changes to the KeePass file format, and tests covering the basic functionality.
It adds a dependency on python-fido2 to perform actual FIDO2 operations with connected PC/SC or USB-HID authenticators.