From 5bc79fefc91e0cd36c9f9b22d740e4ca24004a84 Mon Sep 17 00:00:00 2001 From: PastaPastaPasta <6443210+PastaPastaPasta@users.noreply.github.com> Date: Wed, 22 Dec 2021 03:53:11 -0600 Subject: [PATCH] Remove KeePass integration (#4628) * Remove KeePass integration This integration is not actively supported. It has zero tests, little documentation, and has not really been actively maintained. As far as I can tell, noone uses this integration, and even if they do, they will simply have to copy/paste password from keepass instead of using this integration. * continued --- doc/keepass.md | 58 ---- src/Makefile.am | 2 - src/dummywallet.cpp | 6 - src/init.cpp | 2 - src/keepass.cpp | 568 -------------------------------------- src/keepass.h | 133 --------- src/logging.cpp | 1 - src/logging.h | 3 +- src/util/system.cpp | 3 - src/util/system.h | 1 - src/wallet/init.cpp | 13 - src/wallet/rpcwallet.cpp | 57 ---- src/wallet/wallet.cpp | 56 +--- src/walletinitinterface.h | 1 - 14 files changed, 3 insertions(+), 901 deletions(-) delete mode 100644 doc/keepass.md delete mode 100644 src/keepass.cpp delete mode 100644 src/keepass.h diff --git a/doc/keepass.md b/doc/keepass.md deleted file mode 100644 index 70165a9d79..0000000000 --- a/doc/keepass.md +++ /dev/null @@ -1,58 +0,0 @@ -### What is it about - -More info regarding KeePass: http://keepass.info/ - -KeePass integration use KeePassHttp (https://github.com/pfn/keepasshttp/) to facilitate communications between the client and KeePass. KeePassHttp is a plugin for KeePass 2.x and provides a secure means of exposing KeePass entries via HTTP for clients to consume. - -The implementation is dependent on the following: - - crypter.h for AES encryption helper functions. - - rpcprotocol.h for handling RPC communications. Could only be used partially however due some static values in the code. - - OpenSSL for base64 encoding. regular util.h libraries were not used for base64 encoding/decoding since they do not use secure allocation. - - JSON Spirit for reading / writing RPC communications - -### A note about security - -Every connection to KeePassHTTP server is done via plain HTTP and even though protocol uses some internal encryption it should not be considered to be a highly secure one. This protocol has certain flaw which allow an attacker to decrypt your passwords when they manage to intercept communication between a KeePassHTTP server over a network connection (see [here](https://github.com/pfn/keepasshttp/issues/258) and [here](https://github.com/keepassxreboot/keepassxc/issues/147)). Dash Core therefore strictly limits communication between itself and KeePassHttp to your local computer. As long as your computer is not compromised, your wallet passphrase is as safe as if you would enter it directly. - -### What's new - -The following new options are available for dashd and dash-qt: - - _-keepass_ Use KeePass 2 integration using KeePassHttp plugin (default: 0) - - _-keepassport=_ Connect to KeePassHttp on port (default: 19455) - - _-keepasskey=_ KeePassHttp key for AES encrypted communication with KeePass - - _-keepassid=_ KeePassHttp id for the established association - - _-keepassname=_ Name to construct url for KeePass entry that stores the wallet passphrase - -The following rpc commands are available: - - - _keepass genkey_: generates a base64 encoded 256 bit AES key that can be used for the communication with KeePassHttp. Only necessary for manual configuration. Use init for automatic configuration. - - _keepass init_: sets up the association between dashd and keepass by generating an AES key and sending an association message to KeePassHttp. This will trigger KeePass to ask for an Id for the association. Returns the association and the base64 encoded string for the AES key. - - _keepass setpassphrase_: updates the passphrase in KeePassHttp to a new value. This should match the passphrase you intend to use for the wallet. Please note that the standard RPC commands _walletpassphrasechange_ and the wallet encryption from the QT GUI already send the updates to KeePassHttp, so this is only necessary for manual manipulation of the password. - -### How to setup - -Sample initialization flow from _dash-qt_ console (this needs to be done only once to set up the association): - - - Have KeePass running with an open database - - Start _dash-qt_ - - Open console - - Type "_keepass init_" in dash-qt console - - Keepass pops up and asks for an association id, fill that in, for example, "_mydrkwallet_" - - You should get a response like this "_Association successful. Id: mydrkwalletdash - Key: AgQkcs6cI7v9tlSYKjG/+s8wJrGALHl3jLosJpPLzUE=_" - - Edit _dash.conf_ and fill in these values -``` -keepass=1 -keepasskey=AgQkcs6cI7v9tlSYKjG/+s8wJrGALHl3jLosJpPLzUE= -keepassid=mydrkwallet -keepassname=testwallet -``` - - Restart _dash-qt_ - -At this point, the association is made. The next action depends on your particular situation: - - - current wallet is not yet encrypted. Encrypting the wallet will trigger the integration and stores the password in KeePass (Under the '_KeePassHttp Passwords_' group, named after _keepassname_. - - current wallet is already encrypted: use "_keepass setpassphrase_" to store the passphrase in KeePass. - -At this point, the passphrase is stored in KeePassHttp. When Unlocking the wallet, one can use _keepass_ as the passphrase to trigger retrieval of the password. This works from the RPC commands as well as the GUI. - -Extended guide with screenshots is also available: https://www.dash.org/forum/threads/keepass-integration.3620/ diff --git a/src/Makefile.am b/src/Makefile.am index dfd7ee2006..87086c0f41 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -199,7 +199,6 @@ BITCOIN_CORE_H = \ interfaces/wallet.h \ key.h \ key_io.h \ - keepass.h \ keystore.h \ dbwrapper.h \ limitedmap.h \ @@ -463,7 +462,6 @@ libdash_wallet_a_SOURCES = \ coinjoin/options.cpp \ coinjoin/util.cpp \ interfaces/wallet.cpp \ - keepass.cpp \ wallet/coincontrol.cpp \ wallet/crypter.cpp \ wallet/db.cpp \ diff --git a/src/dummywallet.cpp b/src/dummywallet.cpp index db01288850..757c3c45a3 100644 --- a/src/dummywallet.cpp +++ b/src/dummywallet.cpp @@ -23,7 +23,6 @@ public: // Dash Specific WalletInitInterface InitCoinJoinSettings void AutoLockMasternodeCollaterals() const override {} void InitCoinJoinSettings() const override {} - void InitKeePass() const override {} bool InitAutoBackup() const override {return true;} }; @@ -55,11 +54,6 @@ void DummyWalletInit::AddWalletOptions() const "-mnemonic=", "-mnemonicpassphrase=", "-usehd", - "-keepass", - "-keepassid=", - "-keepasskey=", - "-keepassname=", - "-keepassport=", "-enablecoinjoin", "-coinjoinamount=", "-coinjoinautostart", diff --git a/src/init.cpp b/src/init.cpp index 8fbad41b5f..0211fd4e56 100644 --- a/src/init.cpp +++ b/src/init.cpp @@ -1757,8 +1757,6 @@ bool AppInitMain(InitInterfaces& interfaces) } } - // Initialize KeePass Integration - g_wallet_init_interface.InitKeePass(); // ********************************************************* Step 6: network initialization // Note that we absolutely cannot open any actual connections // until the very end ("start node") as the UTXO/block state diff --git a/src/keepass.cpp b/src/keepass.cpp deleted file mode 100644 index 6fbf80f9d5..0000000000 --- a/src/keepass.cpp +++ /dev/null @@ -1,568 +0,0 @@ -// Copyright (c) 2014-2020 The Dash Core developers -// Distributed under the MIT/X11 software license, see the accompanying -// file COPYING or http://www.opensource.org/licenses/mit-license.php. - -#include - -#include -#include -#include -#include -#include - -// Necessary to prevent compile errors due to forward declaration of -//CScript in serialize.h (included from crypter.h) -#include