Secure QRcode generation to copy/transfer a password offline and across different devices #1443

Open
evilsh3ll opened this issue Nov 17, 2022 · 11 comments

@evilsh3ll

evilsh3ll commented Nov 17, 2022

Is your feature request related to a problem? Please describe.
You have a smartphone and a computer; a KeePass database is stored on one of them and you don't want to share it with the other (maybe because one has a TOTP database and you want to avoid generating "a single point of failure"). So you could generate a QR code with the password on the fly and decode it on the other device just by using a camera and a QR code app.

Describe the solution you'd like
KeePassDX could offer a new way of copying a password (or a database field) by using a QR code. In this way it can be copied across devices without sharing the full database with the other device and without using the internet. KeePassXC shouldn't leave traces of the generated image on disk or in memory after the image is copied.

Describe alternatives you've considered
none

Additional context
I also opened a similar feature request for the KeePassXC Linux software, so it would be useful if the Android "counterpart" KeePassDX could also offer a feature to read QR codes with an integrated camera, in order to leave as little information as possible in the Android clipboard and to avoid using a 3rd-party QR code reader that could store the image with the password.

An additional feature that adds a sort of PIN to the image (generating an encrypted image) could be very interesting.

@tlaurion

tlaurion commented Jul 5, 2023

I would also really love to see this happen.

The Heads project (https://github.com/osresearch/heads) could generate secrets and transmit them in the form of a QR code. The only thing needed would be to know the format expected by KeePassDX.

How complicated would it be to first add a QR code scanner into the app directly, at the moment of creating a new entry?

The idea here would be for KeePass to be the app owning the camera, and then to be able to get the info from the QR code to be used as text. The basic version would most probably be to enter a note entry as a start and go from there? That alone would fit the goal of the present issue.

I can start to look at the codebase myself to find the format in which KeePass would expect that information to be formatted, but on the Heads side:

  • title would be board name and serial number
  • field names could be custom; we just need to know what format they need to be in

Heads could generate the passphrases directly in the format needed by keepass:

  • Disk recovery key passphrase
  • TPM ownership passphrase
  • GPG Admin PIN
  • GPG User PIN
  • GPG reset code
  • TPM sealed disk decryption key passphrase
  • Generated serial number

And that could be extended to

  • public key
  • ssh public key

And all those could be generated from diceware passphrases and saved easily with a title like "board name - serial number" and subfields populating an entry directly, or augmenting an existing entry with the same title if one already exists.

Having that information shared through QR codes would be amazing, since it would be easily captured both by OEMs and end users generating it at either factory reset or re-ownership. That would remove any possibility of human error from either OEMs or end users choosing passphrases and having issues noting them down or... losing papers. Because that happens a lot. Having that in an encrypted database would solve so many issues. And having a distinct profile on the phone removes most of the possibilities of a leak as well.

@tlaurion

tlaurion commented Jul 5, 2023

@J-Jamet ?

@J-Jamet
Member

J-Jamet commented Jul 8, 2023

Currently, QR code use is not integrated directly into the application, as sharing formats are evolving and other applications do it better: https://github.com/Kunzisoft/KeePassDX/wiki/OTP#qr-code

The first idea would be to share information via an Intent, in which case any compatible application would be able to read the Intent's data content. In the best-case scenario, we could create another dedicated application for this purpose, which would enable this sharing system to be used generically and not just on KeePass.

I fully understand the interest and agree that it would be a great addition.

@tlaurion

tlaurion commented Jul 10, 2023

@J-Jamet Willing tester here for whatever secure transfer would be possible.

PoC of what could easily be adapted later on, but I will start pushing forward on the Heads side:
[image: example_passphrases_qrcode]

Containing:

Generated Serial Number: iDqAFKME
Disk Recovery Key passphrase: Justly Grinning Overcome Trimester Hardy Endurable
TPM Ownership passphrase: Widget Backboard
GPG Admin PIN: Widget Backboard
GPG User PIN: Variable Object
GPG Reset Code: Equity Critter
TPM Disk Unlock Key passphrase: Trapping Tumbling Policy

@tlaurion

tlaurion commented Jul 10, 2023

@J-Jamet AFAIK, GrapheneOS has a proper QR code scanner in its camera app that could be borrowed and integrated directly inside KeePassDX.

https://github.com/GrapheneOS/Camera
Edit: maybe the Android library is too recent for KeePassDX.

The reason for bypassing intents, from a security perspective, would be for the app itself to have permission and total ownership of the camera to do the QR code scanning, removing the possibility of the secret being exposed to any other application.

But maybe the way to go would be increments.

@tlaurion

tlaurion commented Jan 26, 2024

@J-Jamet breaking it into smaller steps.

In the above example, what would I need to produce as the expected format so that I could share the scanned QR text and KeePassDX could feed it at least as notes for a "title" that is already recognized?

Can you point me to a format KeePassDX understands and could import from text?

I would have expected the following content, shared as text to KeePassDX, to create a new entry titled x230-maximized-Rambo and feed the notes section with the information to keep:

keepass://x230-maximized-Rambo?note=Generated%20Serial%20Number:%20iDqAFKME%0ADisk%20Recovery%20Key%20passphrase:%20Justly%20Grinning%20Overcome%20Trimester%20Hardy%20Endurable%0ATPM%20Ownership%20passphrase:%20Widget%20Backboard%0AGPG%20Admin%20PIN:%20Widget%20Backboard%0AGPG%20User%20PIN:%20Variable%20Object%0AGPG%20Reset%20Code:%20Equity%20Critter%0ATPM%20Disk%20Unlock%20Key%20passphrase:%20Trapping%20Tumbling

@tlaurion

@J-Jamet or

keepass://create-entry?title=x230-maximized-Rambo&note=Generated%20Serial%20Number:%20iDqAFKME%0ADisk%20Recovery%20Key%20passphrase:%20Justly%20Grinning%20Overcome%20Trimester%20Hardy%20Endurable%0ATPM%20Ownership%20passphrase:%20Widget%20Backboard%0AGPG%20Admin%20PIN:%20Widget%20Backboard%0AGPG%20User%20PIN:%20Variable%20Object%0AGPG%20Reset%20Code:%20Equity%20Critter%0ATPM%20Disk%20Unlock%20Key%20passphrase:%20Trapping%20Tumbling

But there seems to be something I'm missing.

@tlaurion

@J-Jamet where can I read about the URL formats supported by KeePassDX, so that text content could be used to create/update an entry just like OTP is supposed to work today?

@tlaurion

tlaurion commented Mar 26, 2024

@J-Jamet intents might be good enough as a start, but sharing QR code content as text to KeePassDX doesn't work since KeePassDX doesn't recognize the text/URI format. Can you guide me in creating a QR code text/URI format that KeePassDX is supposed to understand?

The above attempted formats don't work; if it is not a bug, it's most probably just because the attempted format is not good, and I would need advice.

@J-Jamet
Member

J-Jamet commented Apr 10, 2024

where can I read about the URL formats supported by KeePassDX, so that text content could be used to create/update an entry just like OTP is supposed to work today?

This kind of format doesn't yet exist in KeePassDX. Is the format you propose standardized for other KeePass applications?

@tlaurion

tlaurion commented Apr 12, 2024

@J-Jamet

I was attempting to expand on
https://keepass.info/help/base/placeholders.html

I looked at the code base and came to the same conclusion: there is no known format in which I can create a QR code that could easily be shared as text and understood by KeePassDX, creating an entry for title:note(content).

That would be my goal.
Would that be something you would be interested in adding as a PoC?

Just like the TOTP format can be shared to KeePassDX today, expanding it to raw notes with a title in the URL would be a satisfying first step.

I would generate the QR code to match that format so that the resulting scanned text could be shared to KeePassDX as text.
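Added example, not code from KeePassDX, Heads or any participant in this thread: a strict encoder/decoder for the `keepass://create-entry?title=...&note=...` payload proposed above. The format is hypothetical (as J-Jamet notes, KeePassDX does not recognise it); the scheme and host names, the two allowed query keys, the `Name: value` note layout and the single-symbol capacity limit (byte mode, version 40, ECC level L) are all assumptions made here. The sample field values are constructed to mirror the PoC quoted earlier in the thread.

```python
"""Encode and decode the proposed keepass://create-entry URI (HYPOTHETICAL format,
not recognised by KeePassDX). Parsing is deliberately strict: the payload carries
secrets, so nothing may be silently dropped, merged or smuggled in extra keys."""
from urllib.parse import parse_qs, quote, urlencode, urlsplit

SCHEME = "keepass"         # assumed, taken from the proposal in this thread
HOST = "create-entry"      # assumed, taken from the proposal in this thread
ALLOWED_KEYS = {"title", "note"}
# Assumption: one QR symbol, byte mode, version 40, ECC level L holds 2953 bytes.
MAX_QR_BYTES = 2953

# Constructed sample input mirroring the Heads PoC values quoted above.
SAMPLE_TITLE = "x230-maximized-Rambo"
SAMPLE_FIELDS = {
    "Generated Serial Number": "iDqAFKME",
    "Disk Recovery Key passphrase": "Justly Grinning Overcome Trimester Hardy Endurable",
    "TPM Ownership passphrase": "Widget Backboard",
    "GPG Admin PIN": "Widget Backboard",
    "GPG User PIN": "Variable Object",
    "GPG Reset Code": "Equity Critter",
    "TPM Disk Unlock Key passphrase": "Trapping Tumbling Policy",
}


def build_create_entry_uri(title: str, fields: dict) -> str:
    """Serialise a title plus 'Name: value' note lines into the proposed URI.
    quote (not quote_plus) is used so spaces become %20 and a literal '+' in a
    passphrase becomes %2B instead of later being decoded as a space."""
    for name, value in fields.items():
        if ": " in name or "\n" in name or "\n" in value:
            raise ValueError(f"field {name!r} cannot be represented unambiguously")
    note = "\n".join(f"{name}: {value}" for name, value in fields.items())
    query = urlencode({"title": title, "note": note}, quote_via=quote)
    uri = f"{SCHEME}://{HOST}?{query}"
    if len(uri.encode("ascii")) > MAX_QR_BYTES:
        raise ValueError("payload exceeds the capacity of a single QR symbol")
    return uri


def parse_create_entry_uri(uri: str) -> dict:
    """Parse the proposed URI; raise ValueError on anything that is not exactly
    one non-empty title and at most one note, with no unknown parameters."""
    parts = urlsplit(uri)
    if parts.scheme != SCHEME or parts.netloc != HOST or parts.path:
        raise ValueError(f"not a {SCHEME}://{HOST} URI")
    params = parse_qs(parts.query, keep_blank_values=True, strict_parsing=True)
    unknown = set(params) - ALLOWED_KEYS
    if unknown:
        raise ValueError(f"unexpected parameters: {sorted(unknown)}")
    if len(params.get("title", [])) != 1 or not params["title"][0]:
        raise ValueError("exactly one non-empty title is required")
    if len(params.get("note", [])) > 1:
        raise ValueError("note given more than once")
    note = params.get("note", [""])[0]
    fields = {}
    for line in note.splitlines():
        name, sep, value = line.partition(": ")
        if sep:
            fields[name] = value
    return {"title": params["title"][0], "note": note, "fields": fields}


def is_valid_create_entry_uri(uri: str) -> bool:
    """Convenience predicate for a scanner deciding whether to hand text to the importer."""
    try:
        parse_create_entry_uri(uri)
        return True
    except ValueError:
        return False


def round_trip(title: str, fields: dict) -> bool:
    """True when encoding then decoding reproduces the title and every field exactly."""
    parsed = parse_create_entry_uri(build_create_entry_uri(title, fields))
    return parsed["title"] == title and parsed["fields"] == fields


if __name__ == "__main__":
    payload = build_create_entry_uri(SAMPLE_TITLE, SAMPLE_FIELDS)
    print(payload)
    print("round trip ok:", round_trip(SAMPLE_TITLE, SAMPLE_FIELDS))
```

The printed string is what the Heads side would feed to a QR encoder; on the phone, the text obtained from the scanner is passed to `parse_create_entry_uri`, and any extra key (for example a `url` parameter that a malicious code might add to steer autofill) is rejected rather than imported.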
