pfn / keepasshttp

KeePass plugin to expose password entries securely (256bit AES/CBC) over HTTP
GNU General Public License v3.0

ChromeIPass loose Keepass connection when 2 databases are in use #47

Closed telecomic closed 11 years ago

telecomic commented 12 years ago

I'm using 2 Keepass Databases (one private and another shared at work). I have KeePassHttp Settings only in the private database; I don't want to have them in the shared one.

When ChromeIPass tries to receive credentials when both databases are open, it looks like ChromeIPass gets confused and generates a new AES Key, so I have to reconnect it to the database. The old key is not used anymore, so the connection to the private database is lost permanently, even when I restart Chrome or Keepass or both, doesn't matter in which order.

Could you please prevent ChromeIPass from generating a new AES Key every time it fails to authenticate to a Keepass. Thanks.

pfn commented 12 years ago

That does sound annoying, I'll need to think about how to support such a configuration.

telecomic commented 12 years ago

Have some additional information. The problem is that when the connection to the Keepass fails, the key chromeipass-cryptokey-name on the background.html is deleted. chromeipass-key is still there. I only need to add chromeipass-cryptokey-name and the appropriate key value and the connection works again.

maartendamen commented 12 years ago

+1 on this one, would be great if this could be supported! I also have a private database and a shared work database. I think the problem is that chrome keepass looks in the currently active database for its associations. I might look into this myself.

catsncode commented 12 years ago

I also have this issue. I use 2 different computers and have had to re-associate every time I switch machines. But maybe it's just due to this 2 databases open issue. Thanks for any help in fixing this.

u8i commented 12 years ago

+1 I'm also using a personal and a shared database...

pweigand commented 12 years ago

+1 same problem here in my team... we all use personal and shared databases + sometimes a few more

corvar commented 12 years ago

Even if the solution is to lock ChromeIpass to a single database and not have integration with the other, that would be grand.

jjohnson911 commented 11 years ago

+1, have a few databases at work, would love to be able to utilize this plugin efficiently for at least one of them.

shackrock commented 11 years ago

+1, I use multiple databases, I actually want the connection to look through ALL OPEN DATABASES for the password... is it possible?

Nicetas commented 11 years ago

+1

neovalis commented 11 years ago

+1

lsgd commented 11 years ago

I worked on this feature request and it seems that I found a solution (only for chromeIPass).

It's not possible to get access to all opened databases. The plugin interface is restricted to a single database which is focused in KeePass. Therefore I tried to identify the opened database, but there is also no unique ID for the database. Then I found the RootGroup-ID, which should be unique for every one of you, but if you copy the database file the RootGroup-ID is the same and you aren't able to change this ID. Now I created a unique ID consisting of RootGroup-ID and RecycleBin-ID. If you copy your database file you have to delete the RecycleBin (yes, this is possible), and then you have to delete an entry. Now the RecycleBin will be recreated with a new ID. So far, so good.

I added an option to choose the icon-color of the chromeIPass-icon. If you are working with several databases you can connect each of them and choose a different icon-color.

Because I had to do a lot of changes I need some people to test it before I will push & release it. You can find the new version on https://github.com/lspcity/passifox/tree/multiple-databases. Just download the chromeipass.crx file, open the extensions tab in Chrome and drag-n-drop the file.

I also need your feedback on how to improve this feature and make it more visible (or is it visible enough?). Thank you.

[image: chromeipass-multiple-databases]

lsgd commented 11 years ago

I forgot to tell you that you also need the newest version of my KeePassHttp version, which you can find here: https://github.com/lspcity/keepasshttp

It's needed to generate the unique database ID and send it back to Chrome.

corvar commented 11 years ago

I believe I did everything I needed to, but no joy.

Downloaded and installed what I think is the appropriate KeePassHttp, my Keepass plugins menu is reporting 1.0.7.6. I am pretty sure that is newer than what it was when I started.

I removed the old ChromeIPass extension, downloaded and installed the new one. Restarted Chrome (not sure I need to, but what the heck).

With pages with password forms, it doesn't seem to be recognizing them. With HTTP Auth pop ups, I see "Waiting for extension chromeIPass..." in the lower left corner of Chrome.

corvar commented 11 years ago

Further note, requires KeePass 2.21, does not work with Keepass 2.20.1

lsgd commented 11 years ago

Does it now work?

If not, please tell me:

Which version is displayed on the chrome://extensions page? Do you have an "Options"-link on the chromeIPass-entry in the extension-page?

Please activate developer-mode on chrome://extensions and generate the background-page and tell me what the output on the background-page is when you visit a login-page.

corvar commented 11 years ago

With Keepass 2.21, KeePassHttp 1.0.7.6, and chromeIPass 2.0.1, I am working with both form based logins and HTTP Auth logins. So everything is looking positive. Thank you so much.

lsgd commented 11 years ago

There was a small bug in chromeIPass 2.0.1 which blocked the workflow. You don't need to update KeePass, it's also working with KeePass 2.20.1 (tested) and should work with all versions since 2.17.

I have some very good news for those of you who want to SEARCH IN ALL OPENED DATABASES: It's implemented in my latest version of KeePassHttp and works with passIFox and chromeIPass: https://github.com/lspcity/keepasshttp

You have to activate this option in KeePass > Tools > KeePassHttp Options ... > "Search in all opened databases for matching entries"

Please note: If this feature is activated, it's only necessary that one of the opened databases is connected to chromeIPass or passIFox! This connected database has to be focused while surfing in the browser! Otherwise you have to connect the other ones (chromeIPass 2.0.2) or reconnect (older versions of chromeIPass and all versions of passIFox).

Finally, I would like to get feedback on these features to improve them.

jjohnson911 commented 11 years ago

Updated to new KeePassHttp, installed new plugin, but when trying to connect to second database, I get this error:

[image: Inline image 1]

Any way to fix this? Second DB is accessed via FTP, not sure if that causes any type of issue? Figured once it's open, that wouldn't matter.

lsgd commented 11 years ago

@jjohnson911: there is no image in your message.

lsgd commented 11 years ago

@jjohnson911: I found the error. I used the creation date to generate a unique-id of the database. But this works only for local files. I removed the creation date from unique-id, because it's also not very safe to use a date for a stable unique-id.

Please download the latest version from https://github.com/lspcity/keepasshttp
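The per-database association described in this thread (an ID made of RootGroup-ID and RecycleBin-ID, with no creation date), sketched as an added example that is not part of the original comments and is not chromeIPass or KeePassHttp code. The `databaseId` and `AssociationStore` names, the ID format and all sample values are assumptions.

```javascript
// Added illustration; names are hypothetical, not chromeIPass/KeePassHttp code.

// Database ID built from the two values named in the thread. No creation
// date is included, since that was removed as unstable.
function databaseId(db) {
  return `${db.rootGroupId}:${db.recycleBinId}`.toLowerCase();
}

// One association (key name + AES key) per database ID.
class AssociationStore {
  constructor() {
    this.byDatabase = new Map();
  }

  associate(db, keyName, aesKey) {
    this.byDatabase.set(databaseId(db), { keyName, aesKey });
  }

  // A miss returns null and deletes nothing: a different focused database
  // is not evidence that the stored keys are invalid.
  lookup(db) {
    return this.byDatabase.get(databaseId(db)) || null;
  }
}

// Constructed sample data (IDs and keys are made up).
const privateDb = { rootGroupId: 'AAAA1111', recycleBinId: 'BBBB2222' };
const sharedDb = { rootGroupId: 'CCCC3333', recycleBinId: 'DDDD4444' };
const fileCopy = { ...privateDb }; // copied file: both IDs unchanged
const copyAfterBinReset = { ...privateDb, recycleBinId: 'EEEE5555' };

function demo() {
  const store = new AssociationStore();
  store.associate(privateDb, 'chrome-private', 'constructed-key-1');
  const missOnShared = store.lookup(sharedDb);
  store.associate(sharedDb, 'chrome-shared', 'constructed-key-2');
  return {
    missOnShared,
    privateKeyName: store.lookup(privateDb).keyName,
    sharedKeyName: store.lookup(sharedDb).keyName,
    copySharesAssociation: store.lookup(fileCopy) !== null,
    resetCopyIsNew: store.lookup(copyAfterBinReset) === null,
  };
}

console.log(demo());
```

A copied database file keeps both IDs and therefore inherits the original's association until its RecycleBin is recreated, which is worth checking when a database is duplicated for a different trust level.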

jjohnson911 commented 11 years ago

Updated, works great now, Thank You!


corvar commented 11 years ago

I am not sure what specifically happened, but ChromeIPass has seemed a little off. I did just upgrade KeePassHttp to 1.1.1.0, so maybe that will fix this. But little things like mail.google.com wanting my password again not causing any icon in the location bar. I will try to pay attention to the specifics. When I upgraded KeePassHttp I had to re-associate my DBs again.

jjohnson911 commented 11 years ago

I noticed the same. At times the icon won't show, I hit Keyboard shortcut to fill the pass, which seems to usually spur it to bring the icon back too.

Seems to be on sites that load slower than others?


Compound123 commented 11 years ago

Hi Lukas,

I use ChromeIPass with several databases! There I make heavy use of references between entries. When I have only one database, or when I am in the database concerned, the user and password are filled in correctly. However, if I am in a different database, only what is stored in KeePass as the "fake" username is filled in, i.e. it does not resolve the reference. I hope you can fix this! Apart from that, very, very high praise!

English: I'm using ChromeIPass with 2 or more databases. If I'm surfing to a webpage that is saved, it works only if the active database is the database where the entry is. If it's not in the active database I only get the text inside the entry but it doesn't reference the Username/Password from the one I configured.

elieux commented 11 years ago

@lspcity, is it possible to completely move the keys to global KeePass settings and treat inactive databases as equal with the active one? I noticed the association procedure is not very helpful when one needs to associate a browser with multiple databases.

I was going to propose moving the key from the special "KeePassHttp Settings" entry to database settings (which would also need a custom UI - presumably a new tab in Database Settings), but then I realized that the association is not really a property of a database; I want to associate my browser with my KeePass (specifically with the KeePassHttp server), have it automatically use all my databases and then, only if needed, I may choose some databases to be ignored by the plugin (which could, but not necessarily, be a property of each database).

Similar work has been done in the KeeFox plugin.

pfn commented 11 years ago

The main problem with this is that it is not inherently secure.


elieux commented 11 years ago

Could you elaborate on that for me? Or link to a relevant article/post somewhere?

lsgd commented 11 years ago

@corvar and @jjohnson911: In the new version of chromeIPass the icon in the address bar has changed to its own button (pageAction --> browserAction). The problem of the missing icon was that the event of showing the icon is only triggered by Chrome if the user switches to a tab. This problem is solved by using browserAction from now on.

@Compound123: I will answer you in English (understandable for everyone). I'll have a look for the unresolved references. Cannot say more at the moment, but it's on my list now. Thank you.

@elieux: The current chromeIPass version supports getting entries from multiple databases. You have to activate this feature in "KeePassHttp Options" which you can find in menu "Tools". A possible feature could be an additional information stored in the "KeePassHttp Settings" entry of each database which excludes the database from the search. Currently I also don't think that outsourcing the settings is worthwhile.

@Compound123, @elieux and everyone: Please open a new issue for your problems so we don't lose track of the original question.