philippc / keepass2android Goto Github PK
View Code? Open in Web Editor NEWPassword manager app for Android
Home Page: https://play.google.com/store/apps/details?id=keepass2android.keepass2android
License: GNU General Public License v3.0
Password manager app for Android
Home Page: https://play.google.com/store/apps/details?id=keepass2android.keepass2android
License: GNU General Public License v3.0
The pop up for group edition shows with white fonts on light gray background, which is difficult to read. The 3 buttons (OC, Cancel, Icon) are with a dark gray background.
The design of the pop-up should be consistent with the rest of the dark theme and not impede legibility.
Many thanks for your work :)
When I'm searching for some terms, after entering some letter, K2A will stop responding. I need to use force stop to make it usable again.
The terms seems random but consistent. Example I have is: "indo" (I want to enter "indosat", but when I enter "s", the app stops responding)
As mentioned in #34, the steam configuration line from KeeTrayTOTP causes a database crash on loading the entry. I do use the inputstick plugin, so it's possible (though unlikely) that it's somehow related. The TOTP Settings string in particular used by the steam entries is "30;S". After triggering, the app flickers between dark and light themes (I run dark), the database closes (and the entry sometimes remains open), and I get a toast notifying me that my gdrive account was not initialized properly.
Dear Philipp,
my password database (located on my external sd card) has been open (online) while I ejected the external sd card. I copied all files from card to my pc, then re-formatted the sd card in my phone and that is where all the trouble begins (I thought the card had issues). K2A keeps a local copy of my database an is not able to sync back to the sd card, because Android 7 mounts external sd cards in a path with some randomly choosen name in between:
Example:
Where is my cached copy of the database located, on the phone?? Can I retrieve this most recent copy of my database?
Thanks in advance
FirestarterHNX
I've been using the app for quite a while, and I have noticied new behavior recently on all my devices. When I use the Keepass keyboard to enter my password, the entire password becomes visible in the password box for a short period. I would like to turn this feature off. I do not need to see my entire password. I like to use the Keepass keyboard to avoid that. I've looked through settings, and I can't find a way to do it.
16.10.2017 12:52:01:799 -- LoadDB OK
16.10.2017 12:52:02:49 -- PasswordActivity.OnPause
16.10.2017 12:52:02:53 -- Timeout start
16.10.2017 12:52:02:112 -- GroupActivity.OnCreate
16.10.2017 12:52:02:113 -- GroupActivity:apptask=
16.10.2017 12:52:02:119 -- Loaded task keepass2android.NullTask
16.10.2017 12:52:02:249 -- GroupActivity.OnStart
16.10.2017 12:52:02:250 -- GroupActivity.OnResume
16.10.2017 12:52:02:251 -- DatabaseIsUnlocked=True
16.10.2017 12:52:02:252 -- Timeout cancel
16.10.2017 12:52:03:59 -- PasswordActivity.OnStop
16.10.2017 12:52:06:462 -- GroupActivity.OnPause
16.10.2017 12:52:06:463 -- Timeout start
16.10.2017 12:52:06:477 -- GroupActivity.OnStop
16.10.2017 12:52:06:482 -- GroupActivity.OnDestroyFalse
16.10.2017 12:52:06:652 -- GroupActivity.OnCreate
16.10.2017 12:52:06:653 -- GroupActivity:apptask=
16.10.2017 12:52:06:656 -- Loaded task keepass2android.NullTask
16.10.2017 12:52:06:688 -- GroupActivity.OnStart
16.10.2017 12:52:06:692 -- GroupActivity.OnResume
16.10.2017 12:52:06:693 -- DatabaseIsUnlocked=True
16.10.2017 12:52:06:693 -- Timeout cancel
16.10.2017 12:52:06:849 -- System.NullReferenceException: Object reference not set to an instance of an object
at keepass2android.GroupBaseActivity.get_ListAdapter () [0x00011] in <12058ac0f6a14cb2be6dc204e41ebb1b>:0
at keepass2android.GroupBaseActivity.b__b (System.Boolean success, System.String message) [0x00019] in <12058ac0f6a14cb2be6dc204e41ebb1b>:0
at keepass2android.ActionOnFinish.Run () [0x0004e] in <16bada42394d46dc92dc291eab91a7af>:0
at Java.Lang.Thread+RunnableImplementor.Run () [0x00008] in <04980648b38842d791d69b0431686998>:0
at Java.Lang.IRunnableInvoker.n_Run (System.IntPtr jnienv, System.IntPtr native__this) [0x00008] in <04980648b38842d791d69b0431686998>:0
at (wrapper dynamic-method) System.Object:15987156-66d0-4957-ad3a-fe98c8cd213b (intptr,intptr)
I access my kdbx via https (company cloud).
For we have to change our company password from time to time I have to update my connection in keepass2android, too.
I would appreciate a feature to edit an existing connection i.e. change the used
password. For now I have to create a complete new connection - which uses a
very long URL with many occasions for typing errors...
Users should be notified after making some changes to their database that they should ensure they have an up-to-data backup
When my phone holds keepass in memory, it opens to the 'Unlock database' page, I then get a message that it failed to synchronize the kdbx file (from cloud).
"Could not open from remote: .... looks like XXX not set up...." something like that.
If I back out and go to the main Keepass2Android page, and select the database from the 'recent' list, it works every time.
"Remote File and Cache are synchronized."
Can this be fixed? Maybe force to the Keepass2Android page instead of Unlock database?
With phones, we're getting more and more hardware to use for authentication. I have Android 6.0, and in the system, there are extra options available for unlocking your phone - using a picture of your face, using your phone's location, even a connected Bluetooth device. Would it be possible to add functionality where we can Quick unlock our database by using location?
Reproduction steps:
Actual behavior:
There's no indication of which DB that I'm asked to unlock.
Suggested improvement:
Show the name of the DB on the quick unlock screen.
Without the name, I don't know if the desired DB is already open or not.
App crashes when touching the fingerprint scanner, unlocking the database with password does work.
Nexus 5X on Android 8.0.0. It did work on Nougat.
avoid writing anything to persistent memory
Noticed recently that if your device changes between portrait and landscape orientation while synchronizing the database, KP2A will crash. Immediately upon doing so, the synchronizing text will disappear, then generally 2-5 seconds later I get the crash notice. Tested multiple times on Android 7.1.2 when synchronizing with google drive. Let me know if you need any further details.
On my device, which has a fingerprint scanner separate from the home button, it is possible for me to scan my fingerprint while the database is already loading, causing the database to be loaded twice and cause a corrupted database error when I try to search. I was able to reproduce this in the stable and beta versions.
TrayTOTP was forked into KeeTrayTOTP a couple years ago for the express purpose of adding support for the steam authenticator. By no means would I consider this a priority, but it would be a nice addition.
EDIT: There is a priority issue here. Using KeeTrayTOTP means I can't open my steam entry on kp2a without the app spontaneously exiting the database with an "account not properly initialized" error or crashing. I've made a cloned entry without the TOTP settings for now, but this is hardly optimal. Reported in #43.
Ability to move entries from one group/category to another from within the entry's dialog (not just the listing of entries).
Ideally in the same Top-Left menu where 'Donate a Beer' is currently located.
Hi,
Firstly - thanks for the great app!
I've been thinking about fingerprint authentication today and have concluded that perhaps fingerprints aren't a particularly secure form of authentication (because we only have one set of fingerprints and anyone can probably get hold of them with a little bit of effort and patience). Also some fingerprint scanners may be rather trivial to fool (e.g. http://www.telegraph.co.uk/technology/2017/04/11/smartphone-fingerprint-scanners-could-easily-fooled-fake-prints/ ). However fingerprint unlock is obviously very convenient and I want to use it where possible, but still be as secure as possible.
Hence my enhancement suggestion: In "Enable Fingerprint Unlock for QuickUnlock" mode, what I would like keepass2android to do is to revert to requiring the full password if the fingerprint is rejected several times when trying to quickunlock. Perhaps this can be a configurable option, e.g. a checkbox to enable this behavior and maybe even a configurable number of fingerprint unlock attempts permitted before requiring the full password (maybe a default of 3 or whatever is thought appropriate).
I'm asking for this enhancement because at the moment Keepass2android seems to allow an unlimited number of fingerprint entry attempts in the quickunlock mode without reverting to requiring the full password. Meaning it would be possible for a malicious actor to repeatedly try unlock the database using different fingerprint spoofing tactics. (Obviously this may take them a long time because of the delays after failed attempts, but it seems to be quite an easy attack vector if they have a copy of a persons fingerprints and just need to trick the sensor into accepting them using some means).
Thoughts?
Occasionally I use KeePass2Android to look up a password and the it into another device. My system font can be hard to differentiate between similar looking characters such as 1lO0. I would like to see color coding of numbers and special characters to make it easier to read. For example, I might suggest a special color for numbers and a separate color for special characters.
Thanks for all the good work!
I see there's a plug in section which is great, but the button to get more plugins takes us to the CodePlex project. CodePlex is in the process of shutting down, and may not be the best place to host plugins. Perhaps the link should be changed to this GitHub project?
Dear Philip,
First of all, let me thank you for your great app from all points of view. At the same time, let me offer you two minor enhancement for keepass2android offline which you've already implemented in keepass2android safe:
Well, when you re-open db in keepass2android safe version (i.e., with quick lock), it checks for external modifications and offers three options merge, replace or just reload db. As for keepass2android offline, it only checks for changes only when one saves something or through synchronize menu. It would be great if keepass2android offline followed exactly the same pattern as keepass2android safe as for db external modifications check.
The second issue is somewhat related to the first one. While keepass2android safe always offers 3 options: merge, reload and ignore, keepass2android offline offers merge option only when you add record and try to save it. When you already have unsaved modifications in keepass2android offline and db file is updated externally, keepass2android offline doesn't offer merge option, it only offers reload or ignore. It would be great if keepass2android offline followed keepass2android pattern always offering merge option.
recently had to change my password for my google account. did this in Keepass on the desktop.
because of this i needed to login again in my google account on android, so i went to k2a, autofill asked me to save the android app name to the entry (cause it wasn't saved yet) and then asked to merge, because the remote file had changed. when i clicked merge the old password in k2a overwrote the new password in the database file, together with the new uri thing for the android app.
so it seems like k2a only merges complete entries, and is not able to merge multiple different fields from the same entry
expected result:
keepass merges the new password with the new app-uri, within the same entry
EDIT: i have no idea if this is standard behavior among all keepass compatible apps and software, or just Keepass2Android. so maybe there's no way to know the password field was newer or not.
I'm running 1.02-pre3 on a OnePlus 3T. On this phone, the fingerprint sensor is located on the Home button, so tapping this button will either go to the home screen, or scan the fingerprint, depending on the state of the current app.
I've always had Enable Fingerprint Unlock for QuickUnlock selected under Settings → Database → Fingerprint unlock and (save for the app occasionally forgetting this setting and having to select it again) I never had any issue on the stable release of K2A. Ever since I switched to the beta channel, though, I immediately started experiencing a problem: whenever I get to the QuickUnlock screen, fingerprint unlock doesn't work (despite showing a fingerprint icon); trying to unlock with fingerprint registers as a home button press, so I'm taken to the launcher instead.
When this happens I switch back to K2A and this time fingerprint unlock works just fine. I can repeatedly reproduce this, as it happens every time; fingerprint unlock doesn't work the first time, yet it works flawlessly on the second.
Wie per Mail besprochen stürzt die App ab in den Einstellungen.
Entweder direkt oder kurz danach. Habe ein logcat dazu erstellt. Passwort schicke ich über andere Wege. Bin da etwas paranoid.
Your comparison documentation says that KP2A supports the KeeChallenge plugin. I've done some searching and for the life of me can't figure out how to add something like that. I'm trying to use a Yubikey 4 in challenge response mode to manage my database. I currently use KeepassXC on Windows but need an android solution for on the go. Can you point me in the right direction?
when i open the app (from autofill notification or otherwise) i press the fingerprintsensor/home key.
what happens then is i either go to my home screen or open google assistant.
if i open k2a again from the homescreen or close google assistant and then press the fingerprint sensor it does detect it correctly and open my vault
Links on the about screen point to codeplex, but should probably point to github?
E.g.
https://keepass2android.codeplex.com/workitem/list/basic
Please consider adding a builtin photo viewer and capture from camera in addition to the existing attachment support. Useful for grabbing photo of cards in my wallet. Also try to implement without creating any temporary cache/copy of the image?
Reproduction steps:
Actual behavior:
There's no indication of which DB that I'm asked to unlock.
Suggested improvement:
Show the name of the DB on the quick unlock screen.
Without the name, I don't know if the desired DB is already open or not.
Is it possible to make it available via f-droid or is there a reason its not there?
As its open source it should be possible.
If not, it should be possible via a custom repository for keepass2android so its available for users without google play store
https://f-droid.org/docs/Setup_an_F-Droid_App_Repo/
greets
The gray apple icon does not show in K2P in dark and light themes. It shows on the original Keepass desktop app
The gray apple icon should show in K2P. It might need some tweaking to be visible on the dark theme, due to the colour of the background.
Many thanks
Fails to init cipher
After opening the database through the notification if unlocked or after opening with QuickUnlock, open the entry screen of the last opened entry.
I've experienced a bug with the latest KeePass2Android and nginx/nextcloud 12.
When switching nginx to "http2" protocol, keepass2android is not able to access webdav locations any more on my server (Nextcloud 12).
Error is "expected :status header not found" in the app, the nginx error log shows status code 401 with the okhttp module.
When i switch nginx back to "normal" http and omit the http2 directive, everything works as expected.
Any ideas how to fix this?
Thank you!
fist: thanks for moving to github! much apperciated.
is there an update on that issue here? https://keepass2android.codeplex.com/workitem/664
as i cannot use keepass2android anymore since i turned on TOTP/2FA/Two-Factor-Authentication in NextCloud :-(
Request a new database sync location at sync.com. SYNC is an encrypted open source alternative to big name cloud services. Storage of the database at this service would provide top level protection for the file prior to app access.
Thanks!
I need to keep passwords synchronized between my Windows desktop and Android phone.
I'm using Dropbox to store the password file. I can place the KeePass file on Dropbox, and KeePass2Android successfully opens it.
But, if I try to open the file again with KeePass, the following message is issued: "File signature is invalid. Either the file isn't a KeePass databse file at all or it is corrupted."
This occurs with even if the file is not stored on DropBox, but is instead moved directly between the desktop and Android device.
Any assistance would be greatly appreciated.
when i type a key on my keyboard (swiftkey in my example), regardless of key, including backspace and then slide down the notification tray with the autfill notification, it disappears, untill i leave the app and then open it again, then the autofill notification appears again
When creating a new folder and using the dark theme, both background and text are displayed in white, making it pretty hard to read the text. It'd be great if you changed either text or background colour for this issue.
Hi, would please add the entry icon to the notification message about that this entry has been selected.
Thanks in advance
As long as entries are build as a standard entry, the keyboard fills in the username correctly. As soon as another template is chosen to create an entry, there is no username and the keyboard doesn't recognise the email address or whatever.
I'd suggest to allow the keyboard to grab another entry for the predefined button "user" on the small keyboard in this case. Probably the best idea is to set the top entry as a replacement. Another solution would be to allow the keyboard to grab a self-created field called "user" e.g.
Explain to users that nobody can help them if they lose theire master key. Make them think about a few things like: what if you have an accident? What if you lose your phone? What if your database gets corrupted/deleted/...?
It would be great if devices on Oreo could add this feature designed for password managers: Thanks!
https://developer.android.com/guide/topics/text/autofill.html
KeePass 2.35 announce brought KDBX4 support to us.
There is already FR for it in KeepassDroid (bpellin/keepassdroid#201).
Don't enable fingerprint sensor until the button is pressed. So it won't conflict with home button for certain device.
Databases created with KeepassXC and secured with password and Yubikey Challenge Response don't trigger the yubichallenge app. Instead they open the file browser dialogue.
Please add funcionality for KeePassXC databases and Challenge Response
I have Autofill selected in the KP2A app, KP2A On in Accessibility Settings, and as far as I can tell the keyboard is turned on in the system (since I can use it), but I get no Autofill prompts after updating to 7.0. Actually, I don't seem to get any sort of notification prompts, either for the Autofill or for the "Password is available for..." that I got under 6.0. Is there an additional step that must be completed before I can get these to work the way that they worked in 6.0?
Since I copied my kdbx file over to new phone last November I had been getting notification about something like "cannot save remote, working offline" I am using the offline only app version. So I finally tried to straighten this but I cannot locate my kdbx file to back it up, App shows it is here:
"content://com.scavengers.apps.filemanager.externalstorage.document/primary%3aKeePass"
This is a file manager app I tried a while back that is no longer in the Play store but I found an apk and reinstalled it. This path is not getting recreated however.
I can still access the database and add to it. When I try to export it, it creates a file but it is empty 0KB.
Any other ideas???
Thanks!!!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.