Keepassxc: Opening KeePass 2.38 generated database not working
KeePassXC fails to open databases that were generated with KeePass2 and use passphrases and keyfiles. I am not sure if this is the same issue as #2834 as I don't get any segfaults.
Expected Behavior
KeePassXC should be able to open the database.
Current Behavior
When opening a kdbx database that was generated using KeePass 2.38 on a Windows 7 x64 system, opening fails. KeePassXC shows a wrong pw/corrupted db error message.
The respective database uses AES with AES-Key Derivation, GZip Compression.
The db is using both a passphrase and a keyfile.
The behaviour is reproducible, I can provide a test-db if required.
Possible Solution
Steps to Reproduce
- Open Keepass 2.38
- Generate a new DB using AES / AES-KDF / Gzip
- select passphrase and generate a fresh keyfile
- Open that database with KeePassXC 2.4.0
Context
Debug Info
KeePassXC - Version 2.4.0
Revision: c51752d
Libraries:
- Qt 5.12.1
- libgcrypt 1.8.4
Operating system: Windows 7 SP 1 (6.1)
CPU architecture: x86_64
Kernel: winnt 6.1.7601
Enabled extensions:
- Auto-Type
- Browser Integration
- SSH Agent
- KeeShare (signed and unsigned sharing)
- YubiKey
vpav
All 10 comments
Please provide a test database for our use. KeePass 2.38 is pretty old, you should update to 2.41.
droidmonkey
on 24 Mar 2019
Sure, db + keyfile is here: testdb.zip
The passphrase for the db is 1testpassword!
In the meantime I'll try open and save that db with KeePass 2.41
vpav
on 24 Mar 2019
Ok, KeePass 2.38 vs 2.41 does not show different behaviour when opening with KeePassXC:
db + keyfile generated with 2.38, opened with 2.41, entry modified, saved -> Unable to open
db + keyfile generated with 2.38, opened with 2.41, master password changed, saved -> Unable to open
db + keyfile generated with 2.41 -> Unable to open
All tests done with AES encryption, AES KDF and enabled GZip compression.
vpav
on 24 Mar 2019
I have the same issue, also happens when a database uses different encryption algorithms. One thing I noticed is that keyfiles generated with Keepass are simple XML textfiles, while keyfiles generated with KeePassXC (at least in version 2.4) are binary files. Maybe that has something to do with it?
zacharra
on 24 Mar 2019
AH HAH! I found the issue. If the key file contains a '/' in the data section our check for Base64 fails which prevents loading the key.
droidmonkey
on 24 Mar 2019
This can't possibly be a new bug, can it?
phoerious
on 25 Mar 2019
No it was present in 2.3.x as well
droidmonkey
on 25 Mar 2019
To anyone experiencing this, I recommend you just generate a new key file in 2.3.4, which will open in 2.4.0. Or you wait until the fix lands in 2.4.1, but there is really no reason to stick with legacy key files.
phoerious
on 25 Mar 2019
Regenerating the keyfile seemed to work fine for me. On Windows I was using 2.3.4 and going to 2.4 which had the same issue.
ghost
on 1 Apr 2019
Made a keepasscx database on Mac, cannot open it with keepass2android, Invalid composite key. Tried to open it with linux keepasscx, same cannot open it but different error (description):
Error while reading the database: Invalid credentials were provided, please try again.
If this reoccurs, then your database file may be corrupt. (HMAC mismatch)
All versions are as the latest versions available of today ( fresh installations, 10-05-2020) .
Test database attached x-special/nautilus-clipboard
copy
file:///home/rickvek/Downloads/Diverse/Passwords.kdbx
Password of database = "LetMeIn"
rickvek
on 10 May 2020
Related issues
shyim
路
3Comments
2tbwXj46BDbdNBRV79DS
路
3Comments
813gan
路
3Comments
Throne3d
路
3Comments
rugk
路
3Comments
Most helpful comment
AH HAH! I found the issue. If the key file contains a '/' in the data section our check for Base64 fails which prevents loading the key.