apollo13

Hi, every now and then Enpass crashes (Linux and Mac) and I am always submitting crash reports. Are you looking through those, is there any progress? There is no good way to reproduce the issue because it seems to happen for every action.

@Akasurde I only have what I shared. @Anshu kumar could you please provide some details on how the individual entries are encrypted?

Yes, I'd really like to see this option back again. It is good that enpass locks after a certain time of system inactivity; but it would help quite a bit if one could lock it after inactivity of enpass

@Vinod Kumar That is not true. There is functionality lost, tags do have to be unique now; so I cannot created tag1/subtag and tag2/subtag. Interestingly enough the upgrade did manage to create duplicate tags (from the old folder structure). But the UI does not allow to create such tags -- do you think you could remove this restriction?

Yeah, some FAQ or https://www.enpass.io/security would probably be a good place. Didn't get a time to look into the data inside the database, but I think the individual values might also be encrypted. That information should then get added too.

Hi @totkeks, yes, that was a copy & paste error in the forum. I've fixed my command in the previous post. I am not sure what to tell you but SQLCipher docs say: Given that the sha512 hash is longer I just truncated -- I just tried to open the file; not exactly sure what enpass actually wants to do EDIT:// I've verified that the full 64 bytes / 128 hex digits from my hashing do not open the sql database; you need to pass the truncated value. Also I am not sure that: holds, the SQLCipher docs say that they are converting the hex string back to bytes and using that as key instead of the hex string as bytes directly.

Hi @Vinod Kumar, good catch, that was my mistake. The final command: hashlib.pbkdf2_hmac('sha512', b'test123456', open('vault.enpassdb', 'rb').read(16), 100000).hex()[:64] So basically what Enpass uses as key: pbkdf2_hmac_sha512 with (currently) 100k iterations (see vault.json for the current count) the first 16 byte of the encrypted file as sault the result of the keyderivation is hex encoded and limited to 64 hex digits Thanks, Florian

Hi @Anshu kumar, I've used hashlib.pbkdf2_hmac('sha256', b'test123456', open('vault.enpassdb', 'rb').read(16), 100000).hex() now to generate the new key; I still get Error: file is encrypted or is not a database How is the password set? UTF-8 encoded bytes of the actual master password?

Hi @Anshu kumar, I've tried generating the key in python: In [9]: hashlib.pbkdf2_hmac('sha256', b'test123456', b'', 100000).hex() Out[9]: '88a4dbc9afab5c7fc7875a84b1a137478d9f7a74b4b0881d40bfaa5ecfb81c93' and then in sqlcipher: sqlite> PRAGMA key="x'88a4dbc9afab5c7fc7875a84b1a137478d9f7a74b4b0881d40bfaa5ecfb81c93'"; sqlite> SELECT count(*) FROM sqlite_master; Error: file is encrypted or is not a database what are you using as salt?

Hi, I am currently testing enpass 6 and parts of my tests included reading the actual encrypted SQLite database. I wasn't able to decrypt the files using the sqlcipher program: sqlcipher vault.enpassdb SQLCipher version 3.15.2 2016-11-28 19:13:37 Enter ".help" for instructions Enter SQL statements terminated with a ";" sqlite> PRAGMA key='test123456'; sqlite> PRAGMA kdf_iter=100000; sqlite> SELECT count(*) FROM sqlite_master; Error: file is encrypted or is not a database I have taken kdf_iter from the vault.json file next to the actual vault file. What am I missing? Are you no longer using SQLCipher? Thanks, Florian