Hi. kpcli does not work with the new KeePassX XML keys. There's a patch on CPAN that fixes it for me: https://rt.cpan.org/Public/Bug/Display.html?id=97055
I'd appreciate comments, tests, ok... Index: Makefile =================================================================== RCS file: /cvs/ports/textproc/p5-File-KeePass/Makefile,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 Makefile --- Makefile 1 May 2015 15:39:26 -0000 1.1.1.1 +++ Makefile 9 Jan 2016 17:57:30 -0000 @@ -6,6 +6,7 @@ MODULES = cpan DISTNAME = File-KeePass-2.03 CATEGORIES = textproc +REVISION = 0 # Artistic PERMIT_PACKAGE_CDROM = Yes Index: patches/patch-lib_File_KeePass_pm =================================================================== RCS file: patches/patch-lib_File_KeePass_pm diff -N patches/patch-lib_File_KeePass_pm --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-lib_File_KeePass_pm 9 Jan 2016 17:57:30 -0000 @@ -0,0 +1,55 @@ +$OpenBSD$ + +https://rt.cpan.org/Public/Bug/Display.html?id=97055 + +--- lib/File/KeePass.pm.orig Sun Sep 16 00:09:42 2012 ++++ lib/File/KeePass.pm Sat Jan 9 18:56:04 2016 +@@ -16,7 +16,7 @@ use constant DB_SIG_1 => 0x9AA2D903; + use constant DB_SIG_2_v1 => 0xB54BFB65; + use constant DB_SIG_2_v2 => 0xB54BFB67; + use constant DB_VER_DW_V1 => 0x00030002; +-use constant DB_VER_DW_V2 => 0x00030000; # recent KeePass is 0x0030001 ++use constant DB_VER_DW_V2 => 0x00030000; # recent KeePass is 0x00030001 + use constant DB_FLAG_RIJNDAEL => 2; + use constant DB_FLAG_TWOFISH => 8; + +@@ -148,7 +148,7 @@ sub _parse_v2_header { + my ($self, $buffer) = @_; + my %h = (version => 2, enc_type => 'rijndael'); + @h{qw(sig1 sig2 ver)} = unpack 'L3', $buffer; +- die "Unsupported file version2 ($h{'ver'}).\n" if $h{'ver'} & 0xFFFF0000 > 0x00020000 & 0xFFFF0000; ++ die "Unsupported file version2 ($h{'ver'}).\n" if ($h{'ver'} & 0xFFFF0000) > (DB_VER_DW_V2 & 0xFFFF0000); + my $pos = 12; + + while (1) { +@@ -602,16 +602,17 @@ sub _master_key { + if (length($file) == 64) { + $file = join '', map {chr hex} ($file =~ /\G([a-f0-9A-F]{2})/g); + } elsif (length($file) != 32) { +- $file = sha256($file); ++ $file = eval{ $self->decode_base64( $self->parse_xml($file)->{Key}{Data} ) } ++ // sha256($file); + } + } + my $key = (!$pass && !$file) ? die "One or both of password or key file must be passed\n" +- : ($head->{'version'} && $head->{'version'} eq '2') ? sha256(grep {$_} $pass, $file) ++ : ($head->{'version'} && $head->{'version'} > 1) ? sha256(grep {$_} $pass, $file) + : ($pass && $file) ? sha256($pass, $file) : $pass ? $pass : $file; + $head->{'enc_iv'} ||= join '', map {chr rand 256} 1..16; +- $head->{'seed_rand'} ||= join '', map {chr rand 256} 1..($head->{'version'} && $head->{'version'} eq '2' ? 32 : 16); ++ $head->{'seed_rand'} ||= join '', map {chr rand 256} 1..($head->{'version'} && $head->{'version'} > 1 ? 32 : 16); + $head->{'seed_key'} ||= sha256(time.rand(2**32-1).$$); +- $head->{'rounds'} ||= $self->{'rounds'} || ($head->{'version'} && $head->{'version'} eq '2' ? 6_000 : 50_000); ++ $head->{'rounds'} ||= $self->{'rounds'} || ($head->{'version'} && $head->{'version'} > 1 ? 6_000 : 50_000); + + my $cipher = Crypt::Rijndael->new($head->{'seed_key'}, Crypt::Rijndael::MODE_ECB()); + $key = $cipher->encrypt($key) for 1 .. $head->{'rounds'}; +@@ -643,7 +644,7 @@ sub gen_db { + die "Please unlock before calling gen_db\n" if $self->is_locked($groups); + + srand(rand(time() ^ $$)) if ! $self->{'no_srand'}; +- if ($v eq '2') { ++ if ($v > 1) { + return $self->_gen_v2_db($pass, $head, $groups); + } else { + return $self->_gen_v1_db($pass, $head, $groups); -- Antoine
