strongbox-password-safe / Strongbox

A KeePass/Password Safe Client for iOS and OS X
https://strongboxsafe.com
GNU Affero General Public License v3.0
1.34k stars 102 forks

KeePassHTTP or similar support #164

Open mmcguill opened 5 years ago

mmcguill commented 5 years ago

Research and possibly implement this (similar to competitors MacPass etc). Handy for Browser Plugins.

georgesnow commented 5 years ago

21 <= this appears to relate sort of to this. If you decide to go the generic route and support the HTTP (and/or KPXC's native messaging), which uses HTTP Auth.

I am working on a generic open source Safari extension for KeePassHTTP (and maybe, if I can figure it out, HTTP Auth), since there doesn't appear to be any other port willing to support Safari (Apple is now killing off legacy extensions like KeePassHelper). The support is dropping due to the requirement of having to build using a native Obj-C/Swift code app/helper.

Anyway, my extension has the rough plumbing. I got basic working JavaScript for autofilling and a basic connection to an HTTP server (in this case MacPass's HTTP plugin). However, I am stalled at the encryption part. I really don't have a good idea how it works and can't find any definitive docs, just other people's code. I will post the code to GitHub at some point. I need to clean up the code. And hopefully there are some others who would want to contribute. If you are interested, I can post a link to the repo here once I put it up.

mmcguill commented 5 years ago

For sure @georgesnow - post a link to your repo here. I can probably help at least from an advice point of view on the crypto and file format and can walk you through Strongbox code if that's helpful.

georgesnow commented 5 years ago

Here it is:

https://github.com/georgesnow/keeSafari

The code is not pretty 🥴 and crude. I need to clean it up a bit more, but it works (as I stated above). You will see my comments. Also, my developer cert wasn't working correctly on my rebuilt machine. So to get the extension to show up in Safari, you will need to add the Develop menu in Safari and select => Allow Unsigned Extensions

If your signing is working correctly, it will show up on running. The majority of the code exists in "keeSafari Extension" => SafariExtensionHandler.m and the JavaScript.

Let me know if you have questions or thoughts....

mmcguill commented 5 years ago

Thanks @georgesnow - and well done on this. Hopefully it will be useful for some users!

georgesnow commented 5 years ago

@mmcguill I got a little further with figuring out how the dictionary looks for the HTTP POST response. Wireshark packet capture helped with that.

Next, I have to figure out how the hash, AES, and IV decryption part works.

mmcguill commented 5 years ago

OK yes, depends on the version, but it's fairly straightforward (especially for KDBX3.1).

tvyzq commented 4 years ago

I would like to try it, but I am not sure how to manage it. Could you give me some hints/instructions on how to install this extension?