Actual version of kppy from May 16, 2018: 1.5.0
My main focus has switched to reimplement this project in Rust as it allows me to realize my vision of a secure password manager which is not possible with Python. However I will publish bug fixes and answer bug reports if there are any. As KeePassC is stable and feature-complete this shouldn't be a reason for not using it anymore.
! Due to a bug in KeePassX it is not possible to decrypt databases encrypted with a 64Byte-keyfile. Indeed it's possible to open such a database encrypted by the reference implementation KeePass 1.26 for Windows. !
A Python 2&3-module to provide an API to KeePass v1.x password database files which are also used by the popular KeePassX.
- License: ISC
- Author: Karsten-Kai König firstname.lastname@example.org Twitter
- Stable download: https://github.com/raymontag/kppy/tarball/master
- Bug tracker: https://github.com/raymontag/kppy/issues?state=open
- Git: git://github.com/raymontag/kppy.git
Full Access to KeePass v1.x/KeePassX files:
- Open, save and close KP-files correctly
- Edit KP-files correctly and comfortable
- AES encryption
- First Python module for KeePass 1.x files that supports keyfiles, too.
- First Python-KeePass module for Python 3.
Some explanation to KeePass databases:
- Database files are encrypted with AES
- Database entries are sorted in groups
- Groups support subgroups
- Every entry has a title for better identification
- Expiration dates for entries
Big API-change with v.1.4.0!
- Python 3.x (Python 2 should work, too, but is not well tested)
- PyCrypto (https://www.dlitz.net/software/pycrypto/)
Just type "python setup.py install" (or "python3 setup.py install") with root rights in the root directory of kppy if all dependecies are fulfilled.
As long as the database is opened with this module, the password is saved as plain text in RAM. Even if the database was closed correctly it is possible that the password lies somewhere in your computer's RAM, it's not possible to prevent this in Python. That is, if your computer is compromised it is possible to dump the password from memory. To prevent some scenarios you could change the working directory of Python to /var/empty on UNIX-like systems while using kppy. A core dump wouldn't be possible unless you're using kppy as root.