Skip to content
/ keywi Public

Minimalistic Keepass plugin using Web Extensions and KeepassHTTP.

License

Notifications You must be signed in to change notification settings

LEDfan/keywi

Repository files navigation

Logo

Keywi

Minimalistic Keepass extension using Web Extensions and KeepassHTTP.

Goals

  • Minimalistic password integration in Firefox
  • Fill username and password in login form, using context menu and keyboard shortcut
  • Use Keepass HTTP
  • No editing of the Keepass database
  • Using the Firefox web extensions API, to support Firefox 57 and later
  • Support Keepass, KeepassXC, later maybe Pass
  • Minimal amount of libraries (aes and cryptohelpers)
  • No automatic form filling, i.e. only when the user wants to. The user has to select the form itself. This is very important because:
    • credentials can be filled in the wrong site (e.g. a DNS spoofing)
    • credentials can be filled in the sign up form
    • credentials can be filled in a hidden form
    • you don't want to log in on this website now
    • there are multiple forms on the website (unlikely)
  • No injecting of buttons or icons into forms
  • Support HTTP basic authentication

Usage

Keywi uses the local storage mechanism of the browser to store some information needed to connect to Keepass. This information includes the key used to authenticate and encrypt the communication with Keepass. The information stored in the local storage of the browser is stored unencrypted. Therefore Keywi encrypts this information (database.key, database.id and database.hash) using 256-bit AES key derived from a user-provided password.

This password is asked to the user the first time Keywi is used for encrypting the information. Every time you start Firefox it's asked to decrypt the information.

Keywi requires Firefox 51 or later.

First time

  1. install the KeepassHTTP plugin in Keepass. See: https://github.com/pfn/keepasshttp
  2. make sure the correct Keepass database is open
  3. install the addon
  4. you'll be asked to enter a password for secure storage. You should not use the same password as used in Keepass. Make sure it's a secure and strong password.

  1. keepass will ask to confirm the association

When Firefox starts

You will be asked to unlock the Secure Storage using the same password as during the setup.

Fill in credentials

  1. select the username input field
  2. right click and choose "Fill username and password" inside the "Keywi" submenu. It's possible to only fill your username or password.

3. Click "Allow" when keepass asks permission for the request to the credentials 4. the username and password are filled

Keyboard shortcuts:

The following shortcuts are supported:

  • Ctrl + Shift + F Fill username and password in the current active input field (only the username will be filled when no password field is found)
  • Ctrl + Shift + D Fill only password in the current active input field

Multiple Credentials for one URL

When Keepass finds multiple credentials for one URL, it will ask you to select one:

Disable "Remember for logins" in Firefox

To provide a better user experience we advise to disable the feature in Firefox to remember logins.

HTTP Basic Auth

When a website asks for your credentials using basic auth, Keywi will ask you whether you want the credentials to be filled:

Press Enter or `Fetch credentials` to continue. Confirm the credential you want to fill. Use Enter when only one credential is available.

Translations

This project is translated using Crowdin. Follow these steps if you want to contribute

  1. Start with the Keywi project on Crowdin
  2. Continue working on an existing language or ask us to add a new one
  3. We will put the translations in the next release of Keywi
  4. It's not necessary to translate technical terms, like the following words, if there is no good translation which fits the context:
  • database
  • Secure Storage
  • hash

The following word should always be capitalized:

  • Keywi
  • Keepass
  • Secure Storage

Thanks for helping!

Translation of addons.mozilla.org metadata

  1. fork this repo and clone it into your workspace
  2. copy the _amo/en/description.html file to e.g. _amo/nl/description.html
  3. copy the _amo/en/summary.txt file to e.g. _amo/nl/summary.txt
  4. translate it
  5. commit and push to Github
  6. open a pull request

In description.html these HTML tags are supported:

<a href title> <abbr title> <acronym title> <b> <blockquote> <code> <em> <i> <li> <ol> <strong> <ul

The summary.txt file only supports plain text up to 250 characters.

Alternatives

Special thanks to passifox, we used it as inspiration for this addon and use KeepassHTTP of the same author. Some differences between this addon and Passifox:

  • some forms can't be filled (e.g. openmediavault has some problems with it)
  • doesn't uses web extensions, thus not compatible with Electrolysis
  • automatic form filling

This extension is a port of chromeIPass to firefox. Some differences:

  • automatic form filling
  • auto detect form fields (comes with a gui to manually select a form)

Kee does some things which this addon is designed to not do:

  • Kee is very feature rich, almost a password manager on it's own
  • Kee automatically fills login form
  • Kee modifies the Keepass database
  • Kee injects icons into the form
  • Kee is not compatible with KeepassXC
  • auto detect form fields

Note about add-on ID's

To speed up the testing of the add-on we release a signed but self-distributed version of it, this addon has the id keywi-ff-add-on-ss@ledfan.be. The add-on distributed using AMO has keywi-ff-add-on@ledfan.be as id.

Warning: this means that when you switch between the self-distributed version and the version from AMO you need to re-setup the Secure Storage and re-associate with Keepass.

Authors

License

Keywi is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Keywi is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with Keywi. If not, see http://www.gnu.org/licenses/.

Used libraries

This project uses the following libraries which are all found under the vendor directory:

Logo

The logo is based on https://pixabay.com/en/key-lock-web-1294351/ and https://pixabay.com/en/kiwi-fruit-food-half-green-fresh-310189/