Introduction
Password Safe is an open source password manager available for download at Sourceforge, written in MFC/C++. This is a useful program, but I had a need to integrate the possibility to import such content to my online password manager which uses a format based on Encrypted XML.
There are many potentially creative things to do with Password Safe files, but many such ideas may be stopped by the apparent difficulty of decrypting and interpreting the database format used. This library provides an easy to use interface, patterned on the general .NET Framework readers, such as XmlReader
.
Background
Read the background of Password Safe at their Web site, but briefly this originated as a product from Bruce Schneier, at Counterpane who subsequently published the source code, and it now lives an independent life at Sourceforge.
The code presented only implements a PasswordSafeReader
at this time, but it should be relatively trivial to follow the general implementation pattern to make a PasswordSafeWriter
. If anyone makes such a beast, I'll be happy to integrate the source.
Using the Code
The solution in the source code package contains two projects, one for the actual library, one for a simple demo and test using the NUnit framework to demonstrate usage as well as to provide a validation of the implementation.
The basic reader loop, devoid of error checking (the reader will throw InvalidDataException
for a bad key or bad database format, and InvalidOperationException
for an internal implementation error) can look like this:
PasswordSafeHeader header;
List<PasswordSafeRecord> records = new List<PasswordSafeRecord>();
using (PasswordSafeReader reader = new PasswordSafeReader(stream))
{
reader.SetPassphrase(password);
while (reader.Read())
{
switch (reader.CurrentPartType)
{
case PasswordSafePartType.Header:
header = reader.Header;
break;
case PasswordSafePartType.Record:
records.Add(reader.Record);
break;
default:
break;
}
}
}
Points of Interest
An interesting discovery when implementing this code was that I discovered a minor security flaw in the format. The database is encrypted and also protected with a keyed hash, an HMAC to ensure the integrity of the data. The problem is that the HMAC does not actually protect all the bits it should, it does not protect the format meta data, i.e. record lengths and field type codes. The real-world risk of this is low, since it is all encrypted, but it's still a flaw.
Password Safe has gone through several generations, this code implements the Version 3 format which, among other things of note, uses the Twofish block cipher for encryption. The Twofish implementation used was written by Shaun Wilde.
The source code as published here is licensed under the GPL version 3.0 - but if this is a problem for your project, in most cases I'll be happy to license it to you for free under less restrictive terms. Just send me an e-mail.
History
- 16th October, 2007: This is version 1.0.0.0