A KeePass/Password Safe Client for iOS and OS X

Overview

Strongbox

A Personal Password Manager for iOS & OSX that can be found on the Apple App Store here:

https://apps.apple.com/app/strongbox-password-safe/id897283731

Strongbox supports the open source Password Safe (version 3) and KeePass file formats (KeePass 1 and 2, i.e. KDB, KDBX (3.1 and 4)). Strongbox uses open source encryption algoritms likes TwoFish, Argon2d, ChaCha20, Aes, Salsa20 and various other cryptographic techniques (SHA256s, HMACs, CSPRNGs) to store groups and entries, containing various secrets, mostly designed around password storage. You can also store File Attachments in KeePass format safes. YubiKey is also supported!

Beta Testers Wanted

If you'd like to beta test new versions of Strongbox before they are released to the general public please just email [email protected]. You'll need to be fairly technically competent and have a good backup process in place (just in case).

Localization - Help Wanted

Localization and translation is managed through the parallel Babel project here:

https://github.com/strongbox-password-safe/babel

This is managed under the MIT licence to avoid issues with the Apple's App Store and ownership. There are some efforts underway right now but if you would like to see Strongbox translated into your language just get in touch and we'll try to set you up. Currently we are using Crowd In to manage things and it seems to be working well. Get in touch to get an invite to that system and being work on your language.

You can submit Pull Requests any way you choose, and it will be much appreciated, but please get in touch first so I can make sure the Repo is setup correctly for your language.

Big thank you to all the localization contributors

  • Chinese - GY & Attis & Anonymous
  • Czech - S474N
  • Dutch - Wishes to remain anonymous
  • French - Charles-Ivan Chesneau
  • German - @Slummi
  • Italian - Marco Ermini
  • Japanese - Anonymous
  • Norwegian - Ole Aldric
  • Portuguese (PT-BR) - Wolfgang Marcos
  • Russian - Wishes to remain anonymous
  • Spanish - Wishes to remain anonymous
  • Swedish - Jari Häkkinen
  • Ukrainian - Artem Polivanchuk

License Notes

This software provided here on Github is licensed under the GNU AGPL by default, except for translations of Strings files which are managed under the MIT Licence in the Babel sub project. Copyright/Ownership is held by Mark McGuill. Strongbox is licensed to Apple under a different license which is compatible with the App Store.

If you are interested in using the code, commercially, or in some other fashion for which the GPL is unsuitable, or if you would simply like to discuss an alternative licence or custom builds for your organization, then please get in touch.

Supporting Development

There are several ways you can help support continuous development. Obviously if you purchase a subscription or lifetime licence that's really helpful. But there are a few other options if you like the app and you are feeling generous... You can help by contributing financially here:

If you like the app, you can always help out by leaving a 5 star review in the App Store. This is very helpful, and helps get the word out about Strongbox. If you can, please leave a positive comment too. You can review the App here:

https://apps.apple.com/app/strongbox-password-safe/id897283731

Of course it is also great if you can tell your friends and family about the App, spread the word on Twitter, Reddit or otherwise.

Help / Tech Support

If you're having trouble, please checkout the following sources:

Another important step is to restart your device, it's surprising how often this can fix issues. If you are having iCloud trouble, then signing in and out of iCloud/iCloud Drive can help.

Build Issues

The code is provided here for reasons of security, transparency and openness. Anyone can view the code and verify that everything is above board, the algorithms are correct and there are no backdoors or other malicious features present. You will need Google Drive, OneDrive and Dropbox developer accounts (with keys/secrets) before building. Familiarity with Cocoapods and other build tools is a prerequisite. Please do not file issues about build issues, I can't guarantee what is here will build in your environment. What is here is all of the functional code used in building Strongbox. XCode Interface Builder UI files, XCode project/solution/workspace, and other non functional code files may be removed to hinder copy cat apps. Translation strings files are managed in the separate Babel repository.

If instead of examining the code, you simply want to use the app, please download from the App Store, the free version is more than functional. Lastly, if you are attempting to bypass built-in Pro/Free limitations for your own app usage, I would ask you to keep that app to yourself and not distribute it. Also, please consider your actions, and consider supporting further development by contributing via the official application (In-App Purchase upgrade). It will be very much appreciated. Finally, if you really need all the Pro features and cannot afford the upgrade, just drop me a mail and I'll help you out.

Contributions or Pull Requests

I cannot accept outside pull requests from the community for licensing reasons. To release to Apple's App Store I have to manage Strongbox under a dual licence. The code here is under the GPL which Apple will not allow in the App Store. As mentioned above the code is provided here for transparency and openness, something I consider a prerequisite for a Password Manager. I need to maintain full ownership of the code so that I can licence to Apple separately, and also any outside/other licencing that might come along, commercial or otherwise. Accepting contributions (no matter how awesome) would involve the contributer signing their life and probably first born child away... There is probably a way to do this but I believe it will involve legally binding documents and other bureaucracies so to keep things simple I'm just going to manage the development myself. Other people's code sucks anyway, right?

Sorry... :(

Acknowledgements

The crypto is mostly from TomCrypt and libsodium. PasswordSafe & KeePass DB parsing/navigation/UI/Cloud interaction is my own work.

The official PasswordSafe github repository is here:

https://github.com/pwsafe

Kudos to Rony Shapiro, Bruce Schneier and all the Password Safe team for their amazing work and the original Password Safe format and application.

The official KeePass site is here:

https://keepass.info/

Kudos to Dominik Reichl and all the KeePass team for their incredible technical skill, for coming up with a great format, and their seminal KeePass app.

Hats off to the KeePassXC team for their fantastic cross platform apps.

https://keepassxc.org/

Another great project is KeeWeb, a fully javascript based client which works cross-platform basically everywhere! Major props to @antelle

https://github.com/keeweb/keeweb https://keeweb.info/

** Have I Been Pwned ** The 'Have I Been Pwned?' service is provided by Troy Hunt. Strongbox uses the Pwned Passwords API there. Many thanks for some amazing work. Please consider donating to him to keep the service running here.

** zxcvbn Password Strength by Dan Wheeler ** You can read more about this library here. Strongbox uses the C port by tsyrogit here. The original CoffeeScript version by Dan Wheeler is available here.

I use many different libraries in the app here are just a few:

Comments
  • Yubikey: Challenge-Response (KeePassXC mode)

    Yubikey: Challenge-Response (KeePassXC mode)

    iOS doesn't support Yubikey Challenge-Response for 2FA on Keepass files.

    A workaround to be able to open Yubikey protected databases can be found in: https://github.com/keepassxreboot/keepassxc/issues/1734 which shows how to create a pre-computed key file:

    CHALLENGE_RESPONSE_KEY=
    DATABASE_FILE=/tmp/passwords.kdbx
    KEY_FILE=/tmp/passwords.key
    xxd -p -c 33 -s 0xc5 -l 32 "$DATABASE_FILE" | xxd -r -p | openssl dgst -sha1 -hmac "$(echo -n "$CHALLENGE_RESPONSE_KEY" | xxd -r -p)" | cut -c 10- | xxd -r -p > "$KEY_FILE"
    

    Unfortunately each time the database is changed this key file needs to be regenerated and imported into iOS.

    It might be useful to add an Advanced Unlock option that takes the Challenge-Response secret and password and computes the key on the fly, avoiding the need for manual steps.

    enhancement iOS 
    opened by markchalloner 96
  • Autofill Crashes

    Autofill Crashes

    Hi, i just ended my trial early and registered both the iOS and macOS versions, as I'm super happy with everything so far - thanks!

    My issue is regarding iOS autofill using a keepass db. Let's say i try to log into github. The keyboard shows an entry is available and prompts me to use the right one. I click it, then go through the TouchID prompt. Then it shows a spinner, and then just returns to the login page without entering anything in either the user or pw fields. It just continues to show an entry an available, but the cycle will just repeat without success if i keep trying. I'm logged into the db in a separate strongbox app window while doing this. The db is in readonly mode.

    I know there's a faq entry about autofill crashing due to apple resource limitations, but I thought some issues i read suggested it should work now. Also, I have a friend who uses 1password with a database with at least 3+ times as many entries as mine, and his works just fine.

    So, should mine be working now and this is an unexpected crash, or are there still expected crashes due to apple constraints combined with certain keepass db characteristics?

    If it's really resource limitations set by apple, where are those documented? How is 1password likely working within them successfully for similar functionality? I miss my keepass keyboard on android, and autofill seems like the best alternative on iOS, given custom keyboard limitations.

    bug iOS Waiting on feedback 
    opened by rob3c 46
  • Sftp cannot Connect

    Sftp cannot Connect

    I have configured my Raspberry pi so that it can be accessed via Sftp, which also works with other apps. Here, however, do I get the same error message every time?! 348C09FD-DA5E-4452-81C3-47ABCA34CDCD

    opened by NotClear 44
  • [Bug] iOS creating new entries in apps don't save

    [Bug] iOS creating new entries in apps don't save

    so I have encountered this twice recently. I created a new entry in app that I need to create password for. Mechanics are pretty basic:

    1-Open app - need to sign in or sign up 2-on sign in screen tap field for username to get "Passwords" option form QuickType 3-Tap Create new entry - give it a name user name and auto gen password 4-Tap save 5-Now click sign up 6-fields don't normally show Quicktype for whatever reason...annoying, but I digress. I switch over to Strongbox top copy password 7-Search for entry....no entry....

    Not sure if this Strongbox or limitation of Autofill/QuickType feature. Wonder if this is why some app use Share extensions instead. It's as though the entry is in memory, but never gets written out to the file.

    opened by georgesnow 40
  • Biometric Startup Lock failed on App Launch

    Biometric Startup Lock failed on App Launch

    In 1.42.0 for iOS there is a new bug. After starting the app I always get an error that Face ID unlock has failed or was cancelled and the blue Strongbox screen occurs. After cancelling the master password prompt and opening the database again Face ID works until the next app launch.

    bug iOS 
    opened by Slummi 36
  • Advanced Sync / Merge

    Advanced Sync / Merge

    KeePass sync involves comparing the database before writing changes back to it. Comparing records by UUID and timestamp, and then taking the latest entry, and moving the older staler entry to History. This allows for multiple editors to work on the Database and avoid sync conflicts.

    It would involve comparing the XML documents, and so applies only to KeePass 2 Databases. It also depends on the History feature which needs to be implemented separately. More info:

    https://keepass.info/help/v2/sync.html

    enhancement iOS 
    opened by mmcguill 36
  • Database list in auto fill dialogue is not up to date

    Database list in auto fill dialogue is not up to date

    If you rename or delete a database in Strongbox the changes aren't visible in the database view for auto fill. You still see the old database names and you can also access databases that have been deleted.

    @mmcguill I'll send you a video of this issue by mail.

    bug iOS 
    opened by Slummi 35
  • Protect App with a Password

    Protect App with a Password

    A password protection (TouchID/FaceID) for the app would be great to protect the locally stored data or the configurations for the cloud data within Strongbox. With a configurable number of failed attempts to open the app, the local data or configurations will be deleted.

    opened by MichiMunich 31
  • Audit Passwords

    Audit Passwords

    KeePass has an option to find duplicate passwords in your DB. It groups the entries with the same password by the password.

    I'm using it right now to try to finish them off and make every password unique finally.

    It's probably something every password manager should have.

    enhancement Mac 
    opened by mlfreeman2 29
  • Face ID Failed

    Face ID Failed

    Hi there,

    I'm getting this error multiple times a day. I've enabled the Quick launch & App lock: coalesce biometrics setting, and what happens is, i open the app and the first FaceID succeeds, then the quick launch database is automatically opened and i immediately see a second FaceID check which fails with this error message.

    Then, it asks me to manually enter the database password, and i click cancel. I click the database again, see FaceID again, and now it succeeds.

    The way i understand the setting, the second FaceID check should not even be happening?

    When this error happens, if i then close the app, lock the device, and then unlock the device, and open Strongbox again, i can no longer reproduce it: now i can open the app and the quick launch database will automatically open and it will only ask for the FaceID 1 time.

    This is happening on both the latest iOS and iPadOS beta's by the way, not sure if that's related.

    Strongbox Pro 1.53.0

    iOS 15.0 beta6 iPadOS 15.0 beta6 iPhone 12 Pro iPad Pro 12.9

    image

    opened by notDavid 27
  • Favicon Support

    Favicon Support

    Hello,

    I read an interesting idea at the Keepass Forum (sourceforge) and wanted to share it here & +1 it:

    Only a small thing: i used the favicon downloader for my windows keepass. In the app the favicons looks terrible. Is that a app or a resolution problem? Could you include a possibility to change or even mass download favicons, if a url is provided in the entry?

    enhancement Mac 
    opened by aNerdgirl 27
  • No Close button or icon after creating and commiting a new entry

    No Close button or icon after creating and commiting a new entry

    1. Create a new account entry
    2. Set up passwords and username et al as needed.
    3. Press Commit (not commit and close)

    There's now no obvious way to close the dialog. In fact, one has to press "cancel" but "Cancel" does not mean close. Cancel is assumed to mean cancel the operation — that is, don't create the entry.

    Either give the dialog a close button or better yet a platform appropriate close icon on the window or both.

    opened by elharo 5
  • Yubikey KeeChallenge remain the same after updating the database

    Yubikey KeeChallenge remain the same after updating the database

    What is the seed of the challenge-response implementation of Strongbox? As I tested, if I update the database using StrongBox, I can still use the old response + master pass to decrypt the latest database(using KeeWeb); this is not expected; KeeWeb's implementation regenerates the response codes after each saving.

    Is there any doc about the KeeChallenge implementation? Can StrongBox provide a way to rotate the challenge-response code?

    opened by gynet 5
  • Request: support multiple TOTP fields for an entry

    Request: support multiple TOTP fields for an entry

    Currently we can add only one TOTP per entry. It would be nice if we could add multiple TOTP codes for an entry. There are websites that requires this. For example kraken.com (crypto exchange website) uses several TOTP. One for founding, another for sign-in, yet another for trading and a 4th one for API key management

    opened by l4t3b0 1
  • Tag separator interoperability: `,` not recognized

    Tag separator interoperability: `,` not recognized

    Strongbox recognizes ; as a tag separator (in line with the available informal KDBX specs).

    The issue is that despite the spec, some clients (notably KeePassXC and keepassxc-cli) are saving tags with comma , separators. Opening such database in Strongbox results in a single concatenated tag for each entry, which is not usable: Screen Shot 2022-12-25 at 15 03 07 vs the expected: Screen Shot 2022-12-25 at 15 26 31

    Other clients resolve this by recognizing multiple tag separators:

    I wonder if Strongbox would be willing to also accept at least , (comma) for better tag interoperability with other clients?

    opened by vszakats 1
  • Change password style on the ‘create new entry’ dialogue

    Change password style on the ‘create new entry’ dialogue

    Hello!

    In iOS - When one creates a new entry from a create account screen (for example when signing up to a forum), it should be possible to change the password type (diceware, normal password - length etc) rather than having to exit the screen and manually changing it in the app when one realises you have the wrong type as default in the main app.

    I can’t see this as an option. Am I missing something?

    cheers. M

    opened by milesmcclane 1
Owner
Strongbox
A KeePass & Password Safe Password Manager
Strongbox
Util for generation RSA keys on your client and save to keychain or convert into Data 🔑 🔐

RSASwiftGenerator ?? ?? To run the example project, clone the repo, and run pod install from the Example directory first. Requirements ⚠️ SWIFT 4 XCod

null 21 Apr 30, 2022
RSA public/private key generation, RSA, AES encryption/decryption, RSA sign/verify in Swift with CommonCrypto in iOS and OS X

SwCrypt Create public and private RSA keys in DER format let (privateKey, publicKey) = try! CC.RSA.generateKeyPair(2048) Convert them to PEM format l

soyer 695 Dec 8, 2022
CCCryptor (AES encryption) wrappers for iOS and Mac in Swift. -- For ObjC, see RNCryptor/RNCryptor-objc

RNCryptor Cross-language AES Encryptor/Decryptor data format. The primary targets are Swift and Objective-C, but implementations are available in C, C

null 3.3k Jan 7, 2023
A simple and opinionated AES encrypt / decrypt Objective-C class that just works.

AESCrypt-ObjC - Simple AES encryption / decryption for iOS and OS X AESCrypt is a simple to use, opinionated AES encryption / decryption Objective-C c

Gurpartap Singh 782 Oct 12, 2022
A tiny and easy to use Swift class to encrypt strings using HMAC algorithms.

#Sweet HMAC SweetHMAC is a tiny and easy to use Swift class to encrypt strings using HMAC algorithms. A special thanks to jernejstrasner for shared HM

Jan Cássio 37 Jul 27, 2022
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Dec 30, 2022
CryptoSwift is a growing collection of standard and secure cryptographic algorithms implemented in Swift

CryptoSwift Crypto related functions and helpers for Swift implemented in Swift. (#PureSwift) Note: The main branch follows the latest currently relea

Marcin Krzyzanowski 9.4k Jan 9, 2023
Simple and secure hashing in Swift with the SipHash algorithm

SipHash ⚠️ WARNING This package has been obsoleted by the Hasher type and the Hashable.hash(into:) requirement introduced in Swift 4.2. Using this pac

null 262 Dec 19, 2022
An easy way for hashing and encryption.

CatCrypto include a series of hashing and encryption functions and more functions in progress! CatCrypto also contains Swift bindings of Argon2, the p

Kcat 62 Sep 27, 2022
A framework for the JOSE standards JWS, JWE, and JWK written in Swift.

JOSESwift is a modular and extensible framework for the JOSE standards JWS, JWE, and JWK written in Swift. ?? Please note that this implementation of

Airside Mobile, Inc. 162 Dec 15, 2022
BitWiser - A simple library to help you in dealing with bytes, bits and nibbles

BitWiser Bitwiser is a collection of methods and properties that makes you work

Andrea Finollo 19 Dec 27, 2022
Demonstration library for using the Secure Enclave on iOS

SecureEnclaveCrypto This project shows you how to create a keypair where as the private key is stored in the secure enclave sign a string / some data

Trail of Bits 272 Jan 7, 2023
PassDrop is a fully-featured secure password management system, compatible with the free KeePass 1.x (Classic) and multi-platform KeePassX desktop applications.

passdrop This is a modern, updated build of Rudis Muiznieks's PassDrop application. PassDrop is a fully-featured secure password management system, co

Chad Austin 33 Sep 23, 2022
KeePassium is a KeePass-compatible password manager for iOS

KeePassium is a KeePass-compatible password manager for iOS. It offers automatic database synchronization, respect to privacy and premium user experience.

KeePassium 839 Jan 8, 2023
MiniKeePass provides secure password storage on your phone that's compatible with KeePass.

MiniKeePass MiniKeePass provides secure password storage on your phone that's compatible with KeePass. View, Edit, and Create KeePass 1.x and 2.x file

null 896 Dec 14, 2022
A custom TextField with a switchable icon which shows or hides the password and enforce good password policies

PasswordTextField A custom TextField with a switchable icon which shows or hides the password and enforces good password policies, written in Swift. ⭐

Chris Jimenez 304 Dec 29, 2022
A native, lightweight and secure time-based (TOTP) & counter-based (HOTP) password client built for iOS

A native, lightweight and secure time-based (TOTP) & counter-based (HOTP) password client built for iOS Built by Tijme Gommers – Buy me a coffee via P

Raivo OTP 770 Jan 8, 2023
Modern thread-safe and type-safe key-value observing for Swift and Objective-C

Now Archived and Forked PMKVObserver will not be maintained in this repository going forward. Please use, create issues on, and make PRs to the fork o

Postmates Inc. 708 Jun 29, 2022
A Protocol-Oriented NotificationCenter which is type safe, thread safe and with memory safety

A Protocol-Oriented NotificationCenter which is type safe, thread safe and with memory safety. Type Safe No more userInfo dictionary and Downcasting,

null 632 Dec 7, 2022
MemoryCache - type-safe, thread-safe memory cache class in Swift

MemoryCache is a memory cache class in swift. The MemoryCache class incorporates LRU policies, which ensure that a cache doesn’t

Yusuke Morishita 74 Nov 24, 2022