smorks / keepassnatmsg

KeePass plugin to expose credentials securely to a browser using Native Messaging
GNU General Public License v3.0

Not working with KeePassXC-Browser #77

Closed amuagarwal closed 2 years ago

amuagarwal commented 2 years ago

  - KeepassNatMsg: v2.0.13
  - KeePassXC-Browser: 1.7.9.1
  - Operating system: Win64
  - Browser: Chrome/Chromium: 93.0.4577.63 (Brave v1.29.77)
  - Native Messaging Host Proxy: v0.0.8.40284

Every time I try to connect, I get the following error: Connecting to native messaging host org.keepassxc.keepassxc_browser keepass.js:1142 Error 9: Key exchange was not successful.

No popup to save the key in KeePass. At the same time, the extension works perfectly with KeePassXC. The only extension installed in the browser is KeePassXC-Browser.

smorks commented 2 years ago

i just tested with a fresh install of brave, same version as you have listed (1.29.77), and it worked fine for me. try pressing the "Install/Update Native Messaging Host" in the KeePassNatMsg Options, make sure Google Chrome is checked, and try it again?

I know running KeePassXC and KeePass/KeePassNatMsg side by side can cause conflicts, because i believe KeePassXC by default overwrites the files used by the native messaging host for KeePassNatMsg.

amuagarwal commented 2 years ago

Let me try it as you said. If I find any issues, I will update you with screenshots.

amuagarwal commented 2 years ago

No luck. Steps I followed:

  1. Removed the KeePassHttp plugin from KeePass (screenshot)
  2. Updated Native Messaging from KeePassNatMsg Options (screenshot)
  3. Left the advanced settings untouched (screenshot)
  4. Opened Brave and clicked on the extension (screenshot)
  5. Clicked Reload (screenshot)
  6. Console log (screenshot)

I am not sure why, in step 6, Error 7 is looking for KeePassXC.

Am I missing anything? The same steps work if I run KeePassXC, but not with KeePass. For KeePassHttp, KeePass needs to run as administrator. I tried both methods: running as a standard user and as administrator.

Please update if I am missing anything.

smorks commented 2 years ago

hmmm, i'm not sure what else to try. FYI, the KeePassXC-Browser always mentions KeePassXC, it doesn't know that it isn't connecting to it.

If you open task manager while Brave is running, click on More Details at the bottom, then expand Brave Browser, you should see a process called keepassnatmsg-proxy running?


amuagarwal commented 2 years ago

Just checked Task Manager and found that keepassnatmsg-proxy is not there. Do I need to run it manually?

I even tried to run the proxy manually, after which I am getting "Failed to connect: Native host has exited."

smorks commented 2 years ago

no, you don't need to run it manually. sometimes it will shut itself down if it can't connect to keepass.

a few other things to check:

  1. In regedit, check HKCU\SOFTWARE\Google\Chrome\NativeMessagingHosts\org.keepassxc.keepassxc_browser, and look at the data, and see what file it's pointing at. Should be something like C:\Users\[Username]\AppData\Local\KeePassNatMsg\kpnm_chrome.json
  2. If that looks correct, could you post the content of that file (kpnm_chrome.json)?

amuagarwal commented 2 years ago

    {
      "name": "org.keepassxc.keepassxc_browser",
      "description": "KeepassXC integration with Native Messaging support",
      "path": "keepassnatmsg-proxy.exe",
      "type": "stdio",
      "allowed_origins": [
        "chrome-extension://iopaggbpplllidnfmcghoonnokmjoicf/",
        "chrome-extension://oboonakemofpalcgghocfoadofidjkkk/",
        "chrome-extension://pdffhmdngciaglkoonimfcmckehcpafo/"
      ]
    }

amuagarwal commented 2 years ago

  - kpnm_chrome.json
  - kpnm_chromium.json
  - kpnm_edge.json
  - kpnm_firefox.json
  - kpnm_thunderbird.json

These are the files present in the AppData location.

smorks commented 2 years ago

and the keepassnatmsg-proxy.exe should be in that same folder as well?

amuagarwal commented 2 years ago

yes, it's there

smorks commented 2 years ago

hmm, i really don't know what could be causing this issue.

is there anything in regedit at HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\org.keepassxc.keepassxc_browser?

i know i've seen some policies for blocking certain native messaging extensions as well, but since it's working with KeePassXC that shouldn't be an issue.

And you don't have KeePassXC running while KeePass is running?

amuagarwal commented 2 years ago

It's there, find the screenshot (screenshot).

and yes only Keepass is running

amuagarwal commented 2 years ago

A point which I missed: I am running everything in portable mode, and even in portable mode the extension works properly with KeePassXC.

amuagarwal commented 2 years ago

Edge is not in portable mode, but the proxy is not working there either.

amuagarwal commented 2 years ago

Is there any place where the proxy logs errors, like Event Viewer or any log?

smorks commented 2 years ago

ok, that's pointing to KeePassXC, so it won't work with that registry setting. if you click the "Install/Update Native Messaging Host", it should update that key to point to KeePassNatMsg. like i said earlier, by default, just running KeePassXC will update that registry key so KeePassNatMsg can't work anymore.
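A check for which binary a registered manifest will actually launch, following the regedit and kpnm_chrome.json checks discussed above. This is an added example, not part of the thread and not KeePassNatMsg code; `check_manifest`, the user name and the second manifest are hypothetical, and the registry value is passed in as a string rather than read from the registry.

```python
import json
from pathlib import PureWindowsPath

HOST_NAME = "org.keepassxc.keepassxc_browser"  # host name from the thread's console log
EXPECTED_PROXY = "keepassnatmsg-proxy.exe"      # proxy named in the posted kpnm_chrome.json

def check_manifest(manifest_path, manifest_text, extension_id=None):
    """Return (resolved proxy path, findings) for one native messaging manifest.
    manifest_path is the value stored under the NativeMessagingHosts registry key."""
    findings = []
    manifest = json.loads(manifest_text)
    if manifest.get("name") != HOST_NAME:
        findings.append(f"name is {manifest.get('name')!r}, expected {HOST_NAME!r}")
    if manifest.get("type") != "stdio":
        findings.append("type must be 'stdio'")
    proxy = PureWindowsPath(manifest.get("path", ""))
    if not proxy.is_absolute():
        # On Windows a relative path is resolved against the manifest's folder.
        proxy = PureWindowsPath(manifest_path).parent / proxy
    if proxy.name.lower() != EXPECTED_PROXY:
        findings.append(f"host launches {proxy.name}, not {EXPECTED_PROXY}")
    origins = manifest.get("allowed_origins", [])
    if extension_id and f"chrome-extension://{extension_id}/" not in origins:
        findings.append(f"extension {extension_id} is not in allowed_origins")
    return str(proxy), findings

# Manifest as posted in the thread; the user name in the path is a placeholder.
KPNM_PATH = r"C:\Users\alice\AppData\Local\KeePassNatMsg\kpnm_chrome.json"
KPNM_TEXT = r"""{
  "name": "org.keepassxc.keepassxc_browser",
  "description": "KeepassXC integration with Native Messaging support",
  "path": "keepassnatmsg-proxy.exe",
  "type": "stdio",
  "allowed_origins": [
    "chrome-extension://iopaggbpplllidnfmcghoonnokmjoicf/",
    "chrome-extension://oboonakemofpalcgghocfoadofidjkkk/",
    "chrome-extension://pdffhmdngciaglkoonimfcmckehcpafo/"]
}"""
# Constructed sample: the same host name registered by a different product.
OTHER_PATH = r"C:\Example\other_chrome.json"
OTHER_TEXT = r"""{"name": "org.keepassxc.keepassxc_browser", "type": "stdio",
  "path": "C:\\Program Files\\KeePassXC\\keepassxc-proxy.exe",
  "allowed_origins": ["chrome-extension://oboonakemofpalcgghocfoadofidjkkk/"]}"""

if __name__ == "__main__":
    for path, text in ((KPNM_PATH, KPNM_TEXT), (OTHER_PATH, OTHER_TEXT)):
        print(check_manifest(path, text, "oboonakemofpalcgghocfoadofidjkkk"))
```

Because the manifest decides which executable receives the extension's credential requests, the resolved path is worth checking under both the HKCU and HKLM keys named in the thread.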

amuagarwal commented 2 years ago

done but no luck (screenshot)

smorks commented 2 years ago

and did you completely close your browser and restart it?

amuagarwal commented 2 years ago

Yes, I just did, but after the keys got updated it is still giving "Failed to connect: Native host has exited."

amuagarwal commented 2 years ago

Error 5: Cannot connect to KeePassXC. Check that browser integration is enabled in KeePassXC settings. keepass.js:1059 Connecting to native messaging host org.keepassxc.keepassxc_browser keepass.js:1142 Error 9: Key exchange was not successful. keepass.js:1029 Failed to connect: Native host has exited.

smorks commented 2 years ago

one last thing to try. download keepassnatmsg-proxy.exe from here: https://github.com/smorks/keepassnatmsg-proxy/releases/tag/v0.0.8 then copy it to the %LOCALAPPDATA%\KeePassNatMsg folder, and see if that helps? also check to make sure that the keepassnatmsg-proxy.exe isn't blocked and doesn't have any Compatibility settings set.

amuagarwal commented 2 years ago

oki let me try it

smorks commented 2 years ago

one thing i just tested - if keepass is run as Admin, but the browser is not, then it doesn't appear to work. either they both need to be run as admin, or both not.

amuagarwal commented 2 years ago

Ahh, at last it is working: both running non-admin, downloaded proxy working.

Thanks for such quick and long support.

amuagarwal commented 2 years ago

Need one more bit of help regarding advanced setting point 14. My issue is that there are a few sites which have the same credentials but different URLs. Currently I am using the duplicate entry option, but is there anything which can be done with the help of advanced search? If so, how do I update the entries to achieve this, something like "KeePassHttp Settings": {allow:[], deny:[]}

Sorry to reopen

smorks commented 2 years ago

if you turn on the "Search string fields for URL" option on the Advanced tab in KeePassNatMsg Options, then you just need to enter fields that start with URL on the Advanced tab of an entry - so you could have URL1...URL99 or however many you need.


amuagarwal commented 2 years ago

Thank you, it's working. One more thing: currently I am using KeePassOTP for TOTP, but as per the document it says 2.x has inbuilt OTP generation and KeePassXC-Browser can be used to fill the OTP. Can you please help me to set up the same? Do I need 2 databases, one for passwords and one for the OTP secret?

smorks commented 2 years ago

Here is keepass's documentation on their TOTP support: https://keepass.info/help/base/placeholders.html#otp

Typically, you need to create a field called "TimeOtp-Secret-Base32", and enter your base32 encoded secret in that field. It should just work after that.

amuagarwal commented 2 years ago

I tried the document and was able to put in the entries, but I am not getting how to work with KeePassXC-Browser:

"Usage example. Create a new entry, set its password to the {HMACOTP} placeholder, switch to the 'Advanced' tab, add a string named 'HmacOtp-Secret' with value '12345678901234567890', and close the dialog with [OK]. When you now double-click onto the password cell of the entry in the entry list of the main window, an OTP is copied to the clipboard. When auto-typing, an OTP is sent as password. Every time you perform such an action, KeePass updates the counter value. With the secret above and counter value 0, the following OTPs are generated: 755224, 287082, 359152, 969429, 338314, ... (more generated OTPs can be found in the example in RFC 4226)."

If I follow this, it means I have to create a duplicate entry: one for the password and one for the OTP. Correct me if I misinterpreted.

If I am correct, just an idea: as your plugin works with xc-browser, adding OTP generation, or getting the OTP from the app if it provides one, would be a great enhancement.

amuagarwal commented 2 years ago

One more thing: in the screenshots you added in readme.md there is one screen for keys, but it is not there; all my entries are going in "KeePassHttp Settings" at root level.

smorks commented 2 years ago

no, you don't need two entries for password and otp. So you enter your secret in the proper TimeOtp-Secret[-Base32] or whichever field matches the format your otp secret is in. That's all you need to do, you leave your username/password the same. next, you go to your site and you use the built-in "Fill TOTP" option, and it should just work.
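How a base32 secret such as the one stored in the TimeOtp-Secret-Base32 field becomes a code, checked against the HOTP values in the documentation passage quoted earlier in the thread. This is an added example, not KeePass or KeePassNatMsg code; the function names are hypothetical, and HMAC-SHA-1, 6 digits and a 30-second period are assumed (the RFC 6238 defaults).

```python
import base64
import hashlib
import hmac
import struct
import time

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def decode_base32_secret(text: str) -> bytes:
    """Decode a base32 secret as users paste it: spaces, dashes, lowercase, no padding."""
    cleaned = text.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)

def totp(secret_b32: str, now=None, period: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the number of elapsed periods."""
    seconds = time.time() if now is None else now
    return hotp(decode_base32_secret(secret_b32), int(seconds) // period, digits)

# Secret from the quoted documentation example, and the same bytes in base32.
DOC_SECRET = b"12345678901234567890"
DOC_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    # Counters 0..4 reproduce the values listed in the quoted documentation.
    print([hotp(DOC_SECRET, c) for c in range(5)])
    # Same secret as pasted text, at a fixed time so the result is repeatable.
    print(totp("gezd gnbv gy3t qojq gezd gnbv gy3t qojq", now=59))
```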

smorks commented 2 years ago

> One more thing: in the screenshots you added in readme.md there is one screen for keys, but it is not there; all my entries are going in "KeePassHttp Settings" at root level.

yes, that will be in the next release.

amuagarwal commented 2 years ago

(screenshot) This is Twitter 2-step verification. This is the Twitter entry setup (screenshot); the otp entry is used by the KeePassOTP plugin. On the TOTP screen of Twitter, when I click xc-browser it shows (screenshot), and clicking on the green bubble in the text box does this (screenshot). I am not sure what I am missing.

smorks commented 2 years ago

remove (or rename) the "otp" field.

amuagarwal commented 2 years ago

Thanks a lot, got it: after removing it, it is working. Thanks for the support. Closing the issue now.