keepassx.db.
Database
(contents, password=None, key_file_contents=None)¶Database representing a KDB file.
find_by_title
(title)¶Find an entry by exact title.
Raise: | EntryNotFoundError |
---|
find_by_uuid
(uuid)¶Find an entry by uuid.
Raise: | EntryNotFoundError |
---|
fuzzy_search_by_title
(title, ignore_groups=None)¶Find an entry by by fuzzy match.
This will check things such as:
- case insensitive matching
- typo checks
- prefix matches
If the ignore_groups
argument is provided, then any matching
entries in the ignore_groups
list will not be returned. This
argument can be used to filter out groups you are not interested in.
Returns a list of matches (an empty list is returned if no matches are found).
keepassx.db.
Entry
¶A password entry in a KDB file.
keepassx.db.
Group
¶The group associated with an entry.
keepassx.db.
Header
(contents)¶Header information for the keepass database.
From the KeePass doc:
Database header: [DBHDR]
[ 4 bytes] DWORD dwSignature1 = 0x9AA2D903
[ 4 bytes] DWORD dwSignature2 = 0xB54BFB65
[ 4 bytes] DWORD dwFlags
[ 4 bytes] DWORD dwVersion { Ve.Ve.Mj.Mj:Mn.Mn.Bl.Bl }
[16 bytes] BYTE{16} aMasterSeed
[16 bytes] BYTE{16} aEncryptionIV
[ 4 bytes] DWORD dwGroups Number of groups in database
[ 4 bytes] DWORD dwEntries Number of entries in database
[32 bytes] BYTE{32} aContentsHash SHA-256 of the plain contents
[32 bytes] BYTE{32} aMasterSeed2 Used for the dwKeyEncRounds AES
master key transformations
[ 4 bytes] DWORD dwKeyEncRounds See above; number of transformations
Notes:
- dwFlags is a bitmap, which can include:
* PWM_FLAG_SHA2 (1) for SHA-2.
* PWM_FLAG_RIJNDAEL (2) for AES (Rijndael).
* PWM_FLAG_ARCFOUR (4) for ARC4.
* PWM_FLAG_TWOFISH (8) for Twofish.
- aMasterSeed is a salt that gets hashed with the transformed user master
key to form the final database data encryption/decryption key.
* FinalKey = SHA-256(aMasterSeed, TransformedUserMasterKey)
- aEncryptionIV is the initialization vector used by AES/Twofish for
encrypting/decrypting the database data.
- aContentsHash: "plain contents" refers to the database file, minus the
database header, decrypted by FinalKey.
* PlainContents = Decrypt_with_FinalKey(DatabaseFile - DatabaseHeader)