master
A Java 8 API for databases compatible with the renowned KeePass password safe for Windows. This is a "headless" implementation - if you want something with a UI then KeePassXC and KeePassDX could be just the things for you.
Features to date:
- Read and write KeePass 2.x format (File formats V3 and V4)
- Keepass 2.x Password and Keyfile Credentials
- Read KeePass 1.x format (Rijndael only)
- No requirement for JCE Policy Files
- Android compatible
- Interfaces for Database, Group and Entry allow compatible addition of other formats
It is licensed under the Apache 2 License and is currently usable.
The work is provided on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties
or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY,
or FITNESS FOR A PARTICULAR PURPOSE.
You are solely responsible for determining the appropriateness
of using or redistributing the Work and assume any risks
associated with Your exercise of permissions under this License.
(see license)
After a period of neglect, the project is (May 2023) back in development.
The current code is version 2.2.2-SNAPSHOT. This is on the main branch. See Build from Source
Key updates relative to 2.1:
- Java 8 (dependencies no longer support Java 7)
- Updated dependencies to remove known vulnerabilities
- File format version 4 support - with Argon2
See the changelog for more details.
The composite POM for the last release (2.2.1), Java 8 compatible, is
<groupId>org.linguafranca.pwdb</groupId>
<artifactId>KeePassJava2</artifactId>
<version>2.2.1</version>
at Maven Central. Note that the artifactId has become Camel Case from release 2.1.x onwards.
Snapshot builds are erratically available at Sonatype:
<groupId>org.linguafranca.pwdb</groupId>
<artifactId>KeePassJava2</artifactId>
<version>2.2.2-SNAPSHOT</version>
with appropriate <repositories> entry, like:
<repositories>
<repository>
<id>oss.sonatype.org-snapshot</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
There are also separate POMs for the various modules. The module structure is illustrated below under Build from Source.
From release 2.2 it requires Java 1.8. Earlier versions require Java 1.7.
Create credentials and an input stream for the password vault in question:
KdbxCreds creds = new KdbxCreds("123".getBytes());
InputStream inputStream = getClass().getClassLoader().getResourceAsStream("test1.kdbx");
then choose a database implementation, and load the database.
Database database = SimpleDatabase.load(credentials, inputStream)
or
Database database = JaxbDatabase.load(credentials, inputStream)
or
Database database = DomDatabaseWrapper.load(credentials, inputStream)
or
Database database = JacksonDatabase.load(credentials, inputStream)
Different implementations have varying characteristics, primarily speed.
The table below illustrates timings for the file test1.kdbx
(in the test module resources -
it is around 2k bytes and contains a few dozen entries)
as assessed by this test
in the "examples" module.
Simple 5 loads 20 iterations 257 millis
Jaxb 5 loads 20 iterations 326 millis
Dom 5 loads 20 iterations 758 millis
Jackson 5 loads 20 iterations 374 millis
Simple 10 loads 1 iterations 340 millis
Jaxb 10 loads 1 iterations 552 millis
Dom 10 loads 1 iterations 175 millis
Jackson 10 loads 1 iterations 343 millis
Simple 1 loads 50 iterations 28 millis
Jaxb 1 loads 50 iterations 47 millis
Dom 1 loads 50 iterations 251 millis
Jackson 1 loads 50 iterations 34 millis
Load time is dominant in this example for JAXB and Simple, database traversal for the DOM implementation.
Password databases are modelled as a three layer abstraction.
A Database is a collection of records whose physical representation needs only to be capable of rendering as a stream. Entries hold the information of value in the database and Groups allow the structuring of entries into collections, just like a folder structure.
The Database has a root group and by following subgroups of the root group the tree structure of the database can be navigated. Entries belong to groups. Entries can be moved between groups and groups can also be moved between groups. However, entries and groups created in one database cannot be moved to another database without being converted:
database.newEntry(entryToCopy);
database.newGroup(groupToCopy);
The class Javadoc on Interface classes Database, Group and Entry describe how to use the methods of those classes to create and modify entries. These classes provide the basis of all implementations of the various database formats, initially KDB, KDBX 3.1 and KDBX 4 (KeePass 2) file formats, subsequently, potentially, others.
The class QuickStart.java provides some illustrations of operations using the Database, Group and Entry interfaces.
This project is so named by kind permission of Dominik Reichl the author of KeePass. There is no formal connection with that project.
It has always been the intention to support other specific password database implementations. Hence, the creation of abstract Database interfaces rather than following the KeePass model exactly.
KeePass is in effect defined by the code that Dominik writes to create and maintain the project. Hence, there is not much by way of definitive specification of KeePass files other than that code. There is a discussion of the differences between KDBX version 3.1 and version 4. There is also a discussion of the enhancements in KDBX 4.1, as well as a discussion of Key Files.
Massive credit also to the folks over at KeePassXC who wrote some documentation about their understanding of various format things.
For the sake of clarification and my own satisfaction I have written about my understanding of KeePass formats in the following locations:
- The Javadoc header to KdbxSerializer describes KDBX stream formatting.
- The XSD Schema KDBX.4.xsd documents my understanding of the Keepass XML, and also my lack of understanding, in parts.
- The following graphic illustrates KDBX 3.1 and 4 file formats:
Aside from the JRE, at release 2.2, the API depends on:
- Google Guava (Apache 2 license).
- Apache Commons Codec (Apache 2 license).
- Bouncy Castle (MIT License).
The Simple XML implementation additionally depends on:
The Jackson implementation depends on:
For Java 11 and later Jaxb implementation depends on explicit inclusion no longer provided by JDK of:
It also depends on SLF4J and Junit for tests.
Included POM is for Maven 3.
There are rather a lot of modules, this is in order to allow loading of minimal necessary functionality. The module dependencies are illustrated below.
Each module corresponds to a Maven artifact. The GroupId is org.linguafranca.pwdb. The version id is as noted above.
| Module | ArtifactId | JavaDoc | Description |
|---|---|---|---|
| database | database |
|
Base definition of the Database APIs. |
| example | example |  |
Worked examples of loading, saving, splicing etc. using the APIs |
| test | test |  |
Shared tests to assess the viability of the implementation. |
| all | KeePassJava2 | (no JavaDoc) | This is the main KeePassJava2 Maven dependency. Provides a route to all artifacts (other than test and examples) via transitive dependency. |
| kdb | KeePassJava2-kdb |  |
An implementation of the Database APIs supporting KeePass KDB format. |
| kdbx | KeePassJava2-kdbx |  |
Provides support for KDBX streaming and security. |
| simple | KeePassJava2-simple | |
A Simple XML Platform implementation of KDBX. Could be useful for Android. |
| jaxb | KeePassJava2-jaxb |  |
A JAXB implementation of KDBX. Probably not useful for Android. The generated class bindings might be useful for building other interfaces. |
| dom | KeePassJava2-dom |  |
A DOM based implementation of KDBX. Being DOM based it is rather slow, but messes less with existing content than the other two implementations. Known to work on Android. |
| dom | KeePassJava2-jackson |  |
A Jackson based implementation of KDBX. Intended to replace the Simple XML implementation. Simple XML seems no longer to be maintained. |
Why are there so many implementations for KDBX? Well, the DOM implementation came first, because it can load and save stuff that the implementation doesn't specifically know about. But it is very slow.
Then came the JAXB implementation, but belatedly it seems that Android support is in question. So latterly the Simple implementation. That was probably enough KDBX implementations, however, the Simple XML library seems no longer to be maintained, and along comes the Jackson Implementation.
If you prefer Gradle the automatic conversion gradle init has been known to convert the POM successfully, however you will
need to add something like gradle-source-sets.txt to the build.gradle for the JAXB module, so that the generated sources
get compiled correctly.
In this file.
Many thanks to Pavel Ivanov @ivanovpv for his help with Android and Gradle compatibility issues.
Thanks to Giuseppe Valente @giusvale-dev for the contribution of the Jackson module.
Thanks to other contributors and raisers of issues.
Copyright (c) 2023 Jo Rabin
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent