Connection security

#1

I’m reffering to the Connection security settings of KeePassRPC described here:

In KeyFox I used the standard “Medium” Connection security level, the KeePassRPC key was therefore stored in the Firefox password storage file. Since I use a Firefox master password the key was stored encrypted.

After updating to Kee, the Connection security level seems to be changed to “Low”. In KeePass -> KeePassRPC Options -> Connection security the security level is still set to “Medium”. But I can’t find the Connection security settings in Kee anymore. And there is no entry in my Firefox Password Manager anymore (after I deteted the old one), so where is the KeePassRPC key stored now?

I only noticed the issue, because after updating to Kee, Firefox stopped asking for my Firefox Master Password when KeePass is running and I open Firefox.

Thank You.

Help and support
Help and support
#2

The Security settings may be changed in KeePass. Open KeePass, click on ‘Tools’ and then ‘KeePassRPC (KeeFox) Settings,’ and finally ‘Connection Security.’

Firefox’s password feature is disabled when Kee is installed as discussed here.

#3

@Megamind: Sorry, but you are wrong on both points.

I know how to change Connection Security settings in KeePass. As I wrote above, the Connection Security settings in KeePass are not the problem. They are already set to “Medium”, updating from KeeFox to Kee didn’t change this.
The Problem is the missing Connection Security setting option in Kee. Instead, there is a Connection Security query when I authorise a new connection (the dialog with the one-time password provided by KeePass). I chose “Medium”, but as described above, it doesn’t seem to have an effect.

And I know that firefox’s embedded password manager is disabled by Kee. That’s not the issue.
I was talking about the location, where the key for the connection between KeePassRPC and KeePass is stored.
Please read the section “Connection security” at the link I posted above.
With the “Medium” Connection Security setting, the key should be stored into the Firefox password storage file (Saved Logins). With KeeFox, this was the only thing stored there inside my Firefox (and encrypted with my Firefox Master Password).
On my machine, Kee doesn’t seem to store the KeePassRPC key there anymore, and I wonder where it is stored now?
Since I don’t have to type my Firefox Master Password everytime I open Firefox (in contrast to before updating to Kee), it obviously can’t be encrypted anymore, right?

Please look if there is something stored at Firefox’ Saved Logins? For me it was the old KeePassRPC key from KeeFox.
After deleting it, Kee (in contrast to the old KeeFox) doesn’t store the key there when I authorise a new connection. To authorise a new connection, revoke the “Kee” client inside KeePass (‘Tools’ -> ‘KeePassRPC (KeeFox) Options’ -> Authorised clients’).

1 Like
#4

Sorry, obviously I didn’t take enough to time to ensure I understood your question. I’ll take another look when I get back to my desk.

#5

With a more patient reading and two cups of coffee under my belt, I realize now how frustrating my response to you must have been. I hate it when I ask a clear question and get an answer like the one I posted here, so again, my apologies.

I am familiar with the information at the link you posted, and you’re right about the key not being stored in saved logins anymore, which in turns raises the question: where is it stored and is it (or can it) be encrypted by the user? Rather than me muddling things up further, I’ll just leave it to @luckyrat to jump in here with an answer when time permits.

#6

The key is now stored in the local storage location for Kee that Firefox provides us. This is isolated from other addons unlike the KeeFox “low and medium security” locations but no encryption option is supported (unless we implement it ourselves… but there is really no point in doing so since you might as well just reauthorise the connection every time using High security mode). Firefox also no longer offer integration with the master password feature.

Hence, while the concepts of low, medium and high can still apply to the KeePassRPC end of the connection, there is now really just a “medium” and “high” option for Kee - as indicated by the single checkbox that adjusts connection security behaviour when authorising the connection to KeePass.

1 Like
#7

Using an existing KeeFox installation migrated to Kee allows to continue using “Low” security in KeePass, while it seems there is no way to change this and connect to KeePass in this case with the new version. Is there any workaround to change manually this setting?
Thank you.

#8

@giccisw: I started a new topic here: Connection security
Do you have the same issue?

#9

More or less. I had KeePassRPC configured to Low and Kee in Firefox was cycling briefly showing the authentication window and then complaining that the connection was refused due to security setting. The problem is that to set it to “low” in Kee, I need to first let it connect to KeePassRPC, and this is impossible unless I revert to “medium” in KeePassRPC…
The bottom line is that the setting of the allowed security level should be in the global options page, not in the page that is shown when requesting the authentication code, when it is too late for the connection to happen.

#10

Did you get this fixed in the end?

It should be possible to fix any connection security issues by adjusting the two settings in the KeePassRPC settings dialog.

There may well be an edge case here relating to upgrading from KeeFox with a specific connection security configuration although I don’t think that should be sufficient to add the complexity of having a connection-related setting in a global context rather than in the local context where it has an effect.

#11

Yes, playing with the configuration I managed to let it connect and then switch back to Low security setting.
It was very confusing anyway, and it took some time to realize what was going on. In particular the flashing of the authentication window with that error was not clear.

1 Like