keepassxc 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 6c60203ef5b9cdcd3cbabce41a9712e62d35793cbc5f5a3cb40070a45acee25d
+  data.tar.gz: e23b41982c3bec59afff4a50230fa31e00172c51949749e9ac27d3477a94a434
+SHA512:
+  metadata.gz: 8737d87a03efbcb532f225cee2eb22ead55449944fc0c5b53b366b8bf922a4fb8197834e4d520061e0bfca1bda19b634de87bedda13df56fb789ad4a8edc213c
+  data.tar.gz: a2be3cf5b98ed7e63c65097882b391dd3faef90d0ee3345b6389575412ce70770bb561d79e37f91bce162fb323682047ab247cea4bb72601776a3a7fd55dfaf7

data/README.md

@@ -0,0 +1,41 @@
+# KeypassXC Ruby binding
+
+You want to fetch login data as the browsers do. Then this is for you.
+Similar to my https://github.com/Kjarrigan/keepasshttp-ruby repo.
+
+## Work in progress
+
+A coworker just asked me wether I have use the keepassxc-cli but it requires
+to enter a password every time which is annoying and then I remembered my
+keepasshttp-ruby binding and it turns out this is no longer the desired way
+for KeepassXC. So why not make the new version work. Yay!
+
+## Links
+
+Some things have changed but the rough idea is the same. So I can probably copy
+over quite a bit of context.
+
+* [My HTTP Code](https://github.com/Kjarrigan/keepasshttp-ruby/blob/master/lib/keepasshttp.rb)
+* [The official protocal docs](https://github.com/keepassxreboot/keepassxc-browser/blob/develop/keepassxc-protocol.md)
+
+## Basic communication snippet
+
+It is already working now! Altough some comfort is still missing, you can already register your client and
+fetch logins. Yay!
+
+```ruby
+load 'test.rb'
+
+kpx = KeepassXC.new client_identifier: KEY_FROM_ASSOCIATE_OR_DB, client_name: ID_FROM_ASSOCIATE_OR_DB
+kpx.change_public_keys
+# kpx.associate
+kpx.test_associate
+p kpx.get_logins 'https://github.com'
+```
+
+You can check what clients are already registered in your DB via the GUI like this:
+* Database
+* Database-Settings
+* Browser-Integration
+
+Technically you could even re-use the Key/ID from your browser by just copying them from there.

data/exe/keepassxc-rb

@@ -0,0 +1,17 @@
+require 'keepassxc'
+
+name = ARGV[1] || `hostname`.chomp
+
+cfg = KeepassXC::KeyStore.find_or_create
+kpx = KeepassXC::Client.new client_name: name
+kpx.change_public_keys
+if cfg.profiles[name]
+  kpx.client_identifier = cfg.profiles[name]
+else
+  kpx.associate
+  cfg.profiles[name] = kpx.client_identifier
+  cfg.save
+end
+kpx.test_associate
+
+puts kpx.get_logins(ARGV[0]).first['password']

data/keepassxc.gemspec

@@ -0,0 +1,24 @@
+require_relative 'lib/keepassxc/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'keepassxc'
+  spec.version       = KeepassXC::VERSION
+  spec.authors       = ['Holger Arndt']
+  spec.email         = ['keepassxc-ruby@kjarrigan.de']
+
+  spec.summary       = %q{Ruby bindings for the KeepassXC Browser API}
+  spec.description   = %q{Ruby bindings for the KeepassXC Browser API}
+  spec.homepage      = 'https://github.com/Kjarrigan/keepassxc-ruby'
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.7.0')
+
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = spec.homepage
+  spec.metadata['changelog_uri'] = spec.homepage
+
+  spec.files         = Dir.chdir(__dir__) do
+    `git ls-files`.split("\n").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = %w{keepassxc-rb}
+  spec.require_paths = ['lib']
+end

data/lib/keepassxc.rb

@@ -0,0 +1,14 @@
+require 'socket'
+require 'json'
+
+# TODO, replace this with openssl
+require 'rbnacl'
+
+module KeepassXC
+  class Error < StandardError; end
+
+  autoload :Client, 'keepassxc/client'
+  autoload :Helper, 'keepassxc/helper'
+  autoload :KeyStore, 'keepassxc/key_store'
+  autoload :VERSION, 'keepassxc/version'
+end

data/lib/keepassxc/client.rb

@@ -0,0 +1,100 @@
+require_relative 'helper'
+
+module KeepassXC
+  class Client
+    include Helper
+
+    attr_accessor :client_id, :client_identifier, :client_name
+
+    def initialize(client_identifier: nil, client_name: nil)
+      @client_id = generate_nonce
+      user_id = `id -u`.chomp.to_i
+      @sock = UNIXSocket.new("/run/user/#{user_id}/org.keepassxc.KeePassXC.BrowserServer")
+      @private_key = RbNaCl::PrivateKey.generate
+      @client_identifier = client_identifier || to_b64(@private_key.public_key)
+      @client_name = client_name
+    end
+
+    def generate_nonce
+      to_b64 RbNaCl::Random.random_bytes
+    end
+
+    def change_public_keys
+      resp = send_msg(
+        action: 'change-public-keys',
+        publicKey: to_b64(@private_key.public_key),
+        nonce: generate_nonce,
+        clientID: @client_id
+      )
+      @session = RbNaCl::SimpleBox.from_keypair(resp['publicKey'].unpack1('m*'), @private_key)
+
+      resp
+    end
+
+    def associate
+      resp = send_encrypted_msg(
+        'action' => 'associate',
+        'key' => to_b64(@private_key.public_key),
+        'idKey' => @client_identifier
+      )
+      @client_name = resp['id']
+
+      resp
+    end
+
+    def test_associate
+      send_encrypted_msg(
+        'action' => 'test-associate',
+        'key' => @client_identifier,
+        'id' => @client_name
+      )
+    end
+
+    def get_logins(url)
+      send_encrypted_msg(
+        'action' => 'get-logins',
+        'url' => url,
+        'keys' => [
+          {
+            'id' => @client_name,
+            'key' => @client_identifier
+          }
+        ]
+      )['entries']
+    end
+
+    def send_encrypted_msg(msg)
+      nonce, enc = encrypt(msg)
+
+      send_msg(
+        action: msg['action'],
+        message: to_b64(enc),
+        nonce: to_b64(nonce),
+        clientID: client_id
+      )
+    end
+
+    def encrypt(msg)
+      crypt = @session.box(JSON.dump(msg.transform_keys(&:to_s)))
+      nonce = crypt.slice!(0, RbNaCl::SecretBox.nonce_bytes)
+
+      [nonce, crypt]
+    end
+
+    def decrypt(msg, nonce:)
+      @session.decrypt(from_b64(nonce) + from_b64(msg))
+    end
+
+    def send_msg(msg)
+      @sock.send(JSON.dump(msg.transform_keys(&:to_s)), 0)
+      json = @sock.recvfrom(4096).first
+      resp = JSON.parse(json)
+
+      raise Error, resp['error'] if resp.key?('error')
+      resp = JSON.parse(decrypt(resp['message'], nonce: resp['nonce'])) if resp.key?('message')
+      binding.irb if resp['success'] != 'true'
+
+      resp
+    end
+  end
+end

data/lib/keepassxc/helper.rb

@@ -0,0 +1,11 @@
+module KeepassXC
+  module Helper
+    def to_b64(string)
+      [string].pack('m*').chomp
+    end
+
+    def from_b64(string)
+      string.unpack1('m*')
+    end
+  end
+end

data/lib/keepassxc/key_store.rb

@@ -0,0 +1,50 @@
+require 'fileutils'
+require 'json'
+
+module KeepassXC
+  class KeyStore
+    attr_reader :path
+
+    DEFAULT_PATH = File.join(Dir.home, '.config', 'keepassxc-rb')
+    def initialize(path: DEFAULT_PATH)
+      @path = path
+    end
+
+    def create
+      unless exist?
+        FileUtils.mkdir_p File.dirname(path)
+        File.write(path, JSON.dump(profiles: {}))
+      end
+      File.chmod(0600, path) unless secure?
+    end
+
+    def self.find_or_create(path: DEFAULT_PATH)
+      storage = new(path: path)
+      storage.create
+      storage
+    end
+
+    def raw
+      @raw ||= JSON.load_file(path)
+    rescue Errno::ENOENT
+      @raw = {}
+    end
+
+    def profiles
+      raw['profiles']
+    end
+
+    def save
+      create
+      File.write(path, JSON.dump(raw))
+    end
+
+    def secure?
+      File.stat(path).mode == 0600
+    end
+
+    def exist?
+      File.exist?(path)
+    end
+  end
+end

data/lib/keepassxc/version.rb

@@ -0,0 +1,3 @@
+module KeepassXC
+  VERSION = '0.1.0'
+end

metadata

@@ -0,0 +1,54 @@
+--- !ruby/object:Gem::Specification
+name: keepassxc
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Holger Arndt
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2021-04-16 00:00:00.000000000 Z
+dependencies: []
+description: Ruby bindings for the KeepassXC Browser API
+email:
+- keepassxc-ruby@kjarrigan.de
+executables:
+- keepassxc-rb
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- exe/keepassxc-rb
+- keepassxc.gemspec
+- lib/keepassxc.rb
+- lib/keepassxc/client.rb
+- lib/keepassxc/helper.rb
+- lib/keepassxc/key_store.rb
+- lib/keepassxc/version.rb
+homepage: https://github.com/Kjarrigan/keepassxc-ruby
+licenses: []
+metadata:
+  homepage_uri: https://github.com/Kjarrigan/keepassxc-ruby
+  source_code_uri: https://github.com/Kjarrigan/keepassxc-ruby
+  changelog_uri: https://github.com/Kjarrigan/keepassxc-ruby
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: Ruby bindings for the KeepassXC Browser API
+test_files: []