NAME
File::KeePass::KDBX - Read and write KDBX files (using the File::KDBX
backend)
VERSION
version 0.901
SYNOPSIS
use File::KeePass::KDBX;
my $k = File::KeePass::KDBX->new($kdbx);
# OR
my $k = File::KeePass::KDBX->load_db($filepath, $password);
print Dumper $k->header;
print Dumper $k->groups; # passwords are locked
$k->unlock;
print Dumper $k->groups; # passwords are now visible
See File::KeePass for a more complete synopsis.
DESCRIPTION
This is a File::KeePass compatibility shim for File::KDBX. It presents
the same interface as File::KeePass (mostly, see "Discrepancies") but
uses File::KDBX for database storage, file parsing, etc. It is meant to
be a drop-in replacement for File::KeePass. Documentation here might be
somewhat thin, so just refer to the File::KeePass documentation since
everything should look the same.
Unlike File::KDBX itself, this module is EXPERIMENTAL. How it works
might change in the future -- although by its nature it will aim to be
as compatible as possible with the File::KeePass interface, so it's
stable enough to start using without fear of interface changes. Just
don't depend on any of its guts (which you shouldn't do even if it were
completely "stable").
File::KeePass::KDBX incorporates some of the code from File::KeePass
but it is not a required dependency and need not be installed for basic
functionality. If File::KeePass is installed, it will be used as a
backend parser and generator for working with older KDB (KeePass 1)
files since File::KDBX has no native KDB parser.
ATTRIBUTES
kdbx
$kdbx = $k->kdbx;
$k->kdbx($kdbx);
Get or set the File::KDBX instance. The File::KDBX is the object that
actually contains the database data, so setting this will implicitly
replace all of the data with data from the new database.
Getting the File::KDBX associated with a File::KeePass::KDBX grants you
access to new functionality that File::KeePass doesn't have any
interface for, including:
* KDBX4-exclusive data (e.g. KDF parameters and public custom data
headers)
* "Placeholders" in File::KDBX
* One-time passwords
* Search using "Simple Expressions"
* and more
default_exp
$string = $k->default_exp;
Get the default value to use as the expiry time.
auto_lock
Get and set whether the database will be locked initially after load.
Regardless, the database can always be manually locked and unlocked at
any time.
See "auto_lock" in File::KeePass.
METHODS
new
$k = File::KeePass::KDBX->new(%attributes);
$k = File::KeePass::KDBX->new($kdbx);
$k = File::KeePass::KDBX->new($keepass);
Construct a new KeePass 2 database from a set of attributes, a
File::KDBX instance or a File::KeePass instance.
clone
$k_copy = $k->clone;
OR
$k_copy = File::KeePass::KDBX->new($k);
Make a copy.
clear
$k->clear;
Reset the database to a freshly initialized state.
See "clear" in File::KeePass.
to_fkp
$fkp = $k->to_fkp;
Convert a File::KeePass::KDBX to a File::KeePass. The resulting object
is a separate copy of the database; each can be modified independently.
from_fkp
$k = File::KeePass::KDBX->from_fkp($fkp);
Convert a File::KeePass to a File::KeePass::KDBX. The resulting object
is a separate copy of the database; each can be modified independently.
load_db
$k = $k->load_db($filepath, $key);
$k = File::KeePass::KDBX->load_db($filepath, $key, \%args);
Load a database from a file. $key is a master key, typically a password
or passphrase and might also include a keyfile path (e.g. [$password,
$keyfile]). %args are the same as for "new".
See "load_db" in File::KeePass.
parse_db
$k = $k->parse_db($string, $key);
$k = File::KeePass::KDBX->parse_db($string, $key, \%args);
Load a database from a string. $key is a master key, typically a
password or passphrase and might also include a keyfile path (e.g.
[$password, $keyfile]). %args are the same as for "new".
See "parse_db" in File::KeePass.
parse_header
\%head = $k->parse_header($string);
Parse only the header.
See "parse_header" in File::KeePass.
save_db
$k->save_db($filepath, $key);
Save the database to a file. $key is a master key, typically a password
or passphrase and might also include a keyfile path (e.g. [$password,
$keyfile]).
See "save_db" in File::KeePass.
gen_db
$db_string = $k->gen_db($key);
Save the database to a string. $key is a master key, typically a
password or passphrase and might also include a keyfile path (e.g.
[$password, $keyfile]).
See "gen_db" in File::KeePass.
header
\%header = $k->header;
Get the database file headers and KDBX metadata.
See "header" in File::KeePass.
groups
\@groups = $k->groups;
Get the groups and entries stored in a database. This is the same data
that "groups" in File::KDBX provides but in a shape compatible with
"groups" in File::KeePass.
dump_groups
$string = $k->dump_groups;
$string = $k->dump_groups(\%query);
Get a string representation of the groups in the database.
See "dump_groups" in File::KeePass.
add_group
$group = $k->add_group(\%group_info);
Add a new group.
See "add_group" in File::KeePass.
find_groups
@groups = $k->find_groups(\%query);
Find groups.
See "find_groups" in File::KeePass.
find_group
$group = $k->find_group(\%query);
Find one group. If the query matches more than one group, an exception
is thrown. If there is no matching group, undef is returned
See "find_group" in File::KeePass.
delete_group
$group = $k->delete_group(\%query);
Delete a group.
See "delete_group" in File::KeePass.
add_entry
$entry = $k->add_entry(\%entry_info);
Add a new entry.
See "add_entry" in File::KeePass.
find_entries
@entries = $k->find_entries(\%query);
Find entries.
See "find_entries" in File::KeePass.
find_entry
$entry = $k->find_entry(\%query);
Find one entry. If the query matches more than one entry, an exception
is thrown. If there is no matching entry, undef is returned
See "find_entry" in File::KeePass.
delete_entry
$entry = $k->delete_entry(\%query);
Delete an entry.
See "delete_entry" in File::KeePass.
finder_tests
@tests = $k->finder_tests(\%query);
This is the query engine used to find groups and entries.
See "finder_tests" in File::KeePass.
now
$string = $k->now;
Get a timestamp representing the current date and time.
is_locked
$bool = $k->is_locked;
Get whether or not a database is locked (i.e. memory-protected
passwords).
See "is_locked" in File::KeePass.
lock
$k->lock;
Lock a database.
See "lock" in File::KeePass.
unlock
$k->unlock;
Unlock a database.
See "unlock" in File::KeePass.
locked_entry_password
$password = $k->locked_entry_password($entry);
Get a memory-protected password.
See "locked_entry_password" in File::KeePass.
CAVEATS
This shim uses perltie magics. Some data structures look and act like
regular hashes and arrays (mostly), but you might notice some
unexpected magical things happen, like hash fields that populate
themselves. The magic is only there to make matching the File::KeePass
interface possible, since that interface assumes some amount of
interaction with unblessed data structures. Some effort was made to at
least hide the magic where reasonable; any magical behavior is
incidental and not considered a feature.
You should expect some considerable overhead which makes this module
generally slower than using either File::KeePass or File::KDBX
directly. In some cases this might be due to an inefficient
implementation in the shim, but largely it is the cost of transparent
compatibility.
If performance is critical and you still don't want to rewrite your
code to use File::KDBX directly but do want to take advantage of some
of the new stuff, there is also the option to go part way. The strategy
here is to use File::KeePass::KDBX to load a database and then
immediately convert it to a File::KeePass object. Use that object
without any runtime overhead, and then if and when you're ready to save
the database or use any other File::KDBX feature, "upgrade" it back
into a File::KeePass::KDBX object. This strategy would require modest
code modifications to your application, to change:
my $k = File::KeePass->new('database.kdbx', 'masterpw');
to this:
my $k = File::KeePass::KDBX->load_db('database.kdbx', 'masterpw')->to_fkp;
# $k is a normal File::KeePass
and change:
$k->save_db('database.kdbx', 'masterpw');
to this:
File::KeePass::KDBX->from_fkp($k)->save_db('database.kdbx', 'masterpw');
This works because File::KeePass::KDBX provides methods "to_fkp" and
"from_fkp" for converting to and from File::KeePass. "new" also works
instead of "from_fkp".
Discrepancies
This shim is supposed to be a drop-in replacement for File::KeePass. If
you're sticking to the File::KeePass public interface you probably
won't have to rewrite any code. If you do, it could be considered a
File::KeePass::KDBX bug. But there are some differences that some code
might notice and could even get tripped up on:
File::KeePass::KDBX does not provide any of the "UTILITY METHODS" in
File::KeePass or "OTHER METHODS" in File::KeePass unless incidentally,
with two exceptions: "now" and "default_exp". I judge these other
methods to not be useful for users of File::KeePass and so probably
aren't used by anyone, but if I'm wrong you can get them by using
File::KeePass:
use File::KeePass; # must use before File::KeePass::KDBX
use File::KeePass::KDBX;
Using both File::KeePass and File::KeePass::KDBX in this order will
make the latter a proper subclass of the former, so all the utility
methods will be available via inheritance. You might also need to do
this if the answer to File::KeePass::KDBX->new->isa('File::KeePass') is
important to your code.
File::KeePass::KDBX does not take any pains to replicate File::KeePass
bugs <https://rt.cpan.org/Public/Dist/Display.html?Name=File-KeePass>.
If your code has any workarounds, you might need or want to undo those.
The issues known to be fixed (or not applicable) by using
File::KeePass::KDBX are: #85012
<https://rt.cpan.org/Ticket/Display.html?id=85012>, #82582
<https://rt.cpan.org/Ticket/Display.html?id=82582>, #124531
<https://rt.cpan.org/Ticket/Display.html?id=124531>, #123330
<https://rt.cpan.org/Ticket/Display.html?id=123330>, #120224
<https://rt.cpan.org/Ticket/Display.html?id=120224>, #117836
<https://rt.cpan.org/Ticket/Display.html?id=117836>, #97055
<https://rt.cpan.org/Ticket/Display.html?id=97055>, #96049
<https://rt.cpan.org/Ticket/Display.html?id=96049>, #94753
<https://rt.cpan.org/Ticket/Display.html?id=94753> and #87109
<https://rt.cpan.org/Ticket/Display.html?id=87109>.
File::KeePass provides the header_size field in the "header", which is
the size of the file header in number of bytes. File::KeePass::KDBX
does not.
File::KeePass supports a keep_xml option on "load_db" to retain a copy
of the XML of a KDBX file from the parser as a string.
File::KeePass::KDBX does not support this option. To do something
similar with File::KDBX:
my $kdbx = File::KDBX->load($filepath, $key, inner_format => 'Raw');
my $xml = $kdbx->raw;
There might be idiosyncrasies related to default values and when
they're set. Fields within data structures might exist but be undefined
in one where they just don't exist in the other. You might need to
check for values using "defined" in perlfunc instead of "exists" in
perlfunc.
File::KeePass::KDBX might have slightly different error handling
semantics. It might be stricter or fail earlier in some cases. For
example, setting a date & time or UUID with an invalid format might
fail immediately rather than later on in a query or at file generation.
To achieve perfect consistency, you might need to validate your inputs
and handle errors before passing them to File::KeePass::KDBX.
Some methods have different performance profiles from their
File::KeePass counterparts. Operations that are constant time in
File::KeePass might be linear in File::KeePass::KDBX, for example. Or
some things in File::KeePass::KDBX might be faster than File::KeePass.
Of course you are not likely to detect any differences unless you work
with very large databases, and I don't know of any application where
large KDBX databases are common. I don't think any KDBX implementation
is optimized for large databases.
BUGS
Please report any bugs or feature requests on the bugtracker website
https://github.com/chazmcgarvey/File-KeePass-KDBX/issues
When submitting a bug or request, please include a test-file or a patch
to an existing test-file that illustrates the bug or desired feature.
AUTHOR
Charles McGarvey <ccm@cpan.org>
COPYRIGHT AND LICENSE
This software is copyright (c) 2022 by Charles McGarvey.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.