2 # ABSTRACT: Encrypted databases to store secret text and files
7 use Crypt
::PRNG
qw(random_bytes);
8 use Devel
::GlobalDestruction
;
9 use File
::KDBX
::Constants
qw(:all);
10 use File
::KDBX
::Error
;
12 use File
::KDBX
::Util
qw(:class :coercion :empty :search :uuid erase simple_expression_query snakify);
13 use Hash
::Util
::FieldHash
qw(fieldhashes);
14 use List
::Util
qw(any first);
15 use Ref
::Util
qw(is_ref is_arrayref is_plain_hashref);
16 use Scalar
::Util
qw(blessed);
21 our $VERSION = '999.999'; # VERSION
24 fieldhashes \
my (%SAFE, %KEYS);
28 $kdbx = File
::KDBX-
>new(%attributes);
29 $kdbx = File
::KDBX-
>new($kdbx); # copy constructor
31 Construct a new L
<File
::KDBX
>.
39 return $_[0]->clone if @_ == 1 && blessed
$_[0] && $_[0]->isa($class);
41 my $self = bless {}, $class;
43 $self->_set_nonlazy_attributes if empty
$self;
47 sub DESTROY
{ local ($., $@, $!, $^E, $?); !in_global_destruction
and $_[0]->reset }
51 $kdbx = $kdbx->init(%attributes);
53 Initialize a L
<File
::KDBX
> with a set of attributes
. Returns itself to allow
method chaining
.
55 This
is called by L
</new
>.
63 @$self{keys %args} = values %args;
72 Set a L
<File
::KDBX
> to an empty
state, ready to load a KDBX file
or build a new one
. Returns itself to allow
79 erase
$self->headers->{+HEADER_INNER_RANDOM_STREAM_KEY
};
80 erase
$self->inner_headers->{+INNER_HEADER_INNER_RANDOM_STREAM_KEY
};
89 $kdbx_copy = $kdbx->clone;
90 $kdbx_copy = File
::KDBX-
>new($kdbx);
92 Clone a L
<File
::KDBX
>. The clone will be an exact copy
and completely independent of the original
.
99 return Storable
::dclone
($self);
102 sub STORABLE_freeze
{
108 return '', $copy, $KEYS{$self} // (), $SAFE{$self} // ();
119 @$self{keys %$clone} = values %$clone;
121 $SAFE{$self} = $safe;
123 # Dualvars aren't cloned as dualvars, so coerce the compression flags.
124 $self->compression_flags($self->compression_flags);
126 for my $object (@{$self->all_groups}, @{$self->all_entries(history
=> 1)}) {
127 $object->kdbx($self);
131 ##############################################################################
141 $kdbx = KDBX
::File-
>load(\
$string, $key);
142 $kdbx = KDBX
::File-
>load(*IO
, $key);
143 $kdbx = KDBX
::File-
>load($filepath, $key);
144 $kdbx->load(...); # also instance method
146 $kdbx = File
::KDBX-
>load_string($string, $key);
147 $kdbx = File
::KDBX-
>load_string(\
$string, $key);
148 $kdbx->load_string(...); # also instance method
150 $kdbx = File
::KDBX-
>load_file($filepath, $key);
151 $kdbx->load_file(...); # also instance method
153 $kdbx = File
::KDBX-
>load_handle($fh, $key);
154 $kdbx = File
::KDBX-
>load_handle(*IO
, $key);
155 $kdbx->load_handle(...); # also instance method
157 Load a KDBX file from a string buffer
, IO handle
or file from a filesystem
.
159 L
<File
::KDBX
::Loader
> does the heavy lifting
.
163 sub load
{ shift-
>_loader->load(@_) }
164 sub load_string
{ shift-
>_loader->load_string(@_) }
165 sub load_file
{ shift-
>_loader->load_file(@_) }
166 sub load_handle
{ shift-
>_loader->load_handle(@_) }
170 $self = $self->new if !ref $self;
171 require File
::KDBX
::Loader
;
172 File
::KDBX
::Loader-
>new(kdbx
=> $self);
183 $kdbx->dump(\
$string, $key);
184 $kdbx->dump(*IO
, $key);
185 $kdbx->dump($filepath, $key);
187 $kdbx->dump_string(\
$string, $key);
188 \
$string = $kdbx->dump_string($key);
190 $kdbx->dump_file($filepath, $key);
192 $kdbx->dump_handle($fh, $key);
193 $kdbx->dump_handle(*IO
, $key);
195 Dump a KDBX file to a string buffer
, IO handle
or file
in a filesystem
.
197 L
<File
::KDBX
::Dumper
> does the heavy lifting
.
201 sub dump { shift-
>_dumper->dump(@_) }
202 sub dump_string
{ shift-
>_dumper->dump_string(@_) }
203 sub dump_file
{ shift-
>_dumper->dump_file(@_) }
204 sub dump_handle
{ shift-
>_dumper->dump_handle(@_) }
208 $self = $self->new if !ref $self;
209 require File
::KDBX
::Dumper
;
210 File
::KDBX
::Dumper-
>new(kdbx
=> $self);
213 ##############################################################################
215 =method user_agent_string
217 $string = $kdbx->user_agent_string;
219 Get a text string identifying the database client software
.
223 sub user_agent_string
{
225 sprintf('%s/%s (%s/%s; %s/%s; %s)',
226 __PACKAGE__
, $VERSION, @Config::Config
{qw(package version osname osvers archname)});
229 has sig1
=> KDBX_SIG1
, coerce
=> \
&to_number
;
230 has sig2
=> KDBX_SIG2_2
, coerce
=> \
&to_number
;
231 has version
=> KDBX_VERSION_3_1
, coerce
=> \
&to_number
;
233 has inner_headers
=> {};
236 has deleted_objects
=> {};
237 has raw
=> coerce
=> \
&to_string
;
240 has 'headers.comment' => '', coerce
=> \
&to_string
;
241 has 'headers.cipher_id' => CIPHER_UUID_CHACHA20
, coerce
=> \
&to_uuid
;
242 has 'headers.compression_flags' => COMPRESSION_GZIP
, coerce
=> \
&to_compression_constant
;
243 has 'headers.master_seed' => sub { random_bytes
(32) }, coerce
=> \
&to_string
;
244 has 'headers.encryption_iv' => sub { random_bytes
(16) }, coerce
=> \
&to_string
;
245 has 'headers.stream_start_bytes' => sub { random_bytes
(32) }, coerce
=> \
&to_string
;
246 has 'headers.kdf_parameters' => sub {
248 KDF_PARAM_UUID
() => KDF_UUID_AES
,
249 KDF_PARAM_AES_ROUNDS
() => $_[0]->headers->{+HEADER_TRANSFORM_ROUNDS
} // KDF_DEFAULT_AES_ROUNDS
,
250 KDF_PARAM_AES_SEED
() => $_[0]->headers->{+HEADER_TRANSFORM_SEED
} // random_bytes
(32),
253 # has 'headers.transform_seed' => sub { random_bytes(32) };
254 # has 'headers.transform_rounds' => 100_000;
255 # has 'headers.inner_random_stream_key' => sub { random_bytes(32) }; # 64 ?
256 # has 'headers.inner_random_stream_id' => STREAM_ID_CHACHA20;
257 # has 'headers.public_custom_data' => {};
260 has 'meta.generator' => '', coerce
=> \
&to_string
;
261 has 'meta.header_hash' => '', coerce
=> \
&to_string
;
262 has 'meta.database_name' => '', coerce
=> \
&to_string
;
263 has 'meta.database_name_changed' => sub { gmtime }, coerce
=> \
&to_time
;
264 has 'meta.database_description' => '', coerce
=> \
&to_string
;
265 has 'meta.database_description_changed' => sub { gmtime }, coerce
=> \
&to_time
;
266 has 'meta.default_username' => '', coerce
=> \
&to_string
;
267 has 'meta.default_username_changed' => sub { gmtime }, coerce
=> \
&to_time
;
268 has 'meta.maintenance_history_days' => 0, coerce
=> \
&to_number
;
269 has 'meta.color' => '', coerce
=> \
&to_string
;
270 has 'meta.master_key_changed' => sub { gmtime }, coerce
=> \
&to_time
;
271 has 'meta.master_key_change_rec' => -1, coerce
=> \
&to_number
;
272 has 'meta.master_key_change_force' => -1, coerce
=> \
&to_number
;
273 # has 'meta.memory_protection' => {};
274 has 'meta.custom_icons' => [];
275 has 'meta.recycle_bin_enabled' => true
, coerce
=> \
&to_bool
;
276 has 'meta.recycle_bin_uuid' => UUID_NULL
, coerce
=> \
&to_uuid
;
277 has 'meta.recycle_bin_changed' => sub { gmtime }, coerce
=> \
&to_time
;
278 has 'meta.entry_templates_group' => UUID_NULL
, coerce
=> \
&to_uuid
;
279 has 'meta.entry_templates_group_changed' => sub { gmtime }, coerce
=> \
&to_time
;
280 has 'meta.last_selected_group' => UUID_NULL
, coerce
=> \
&to_uuid
;
281 has 'meta.last_top_visible_group' => UUID_NULL
, coerce
=> \
&to_uuid
;
282 has 'meta.history_max_items' => HISTORY_DEFAULT_MAX_ITEMS
, coerce
=> \
&to_number
;
283 has 'meta.history_max_size' => HISTORY_DEFAULT_MAX_SIZE
, coerce
=> \
&to_number
;
284 has 'meta.settings_changed' => sub { gmtime }, coerce
=> \
&to_time
;
285 # has 'meta.binaries' => {};
286 # has 'meta.custom_data' => {};
288 has 'memory_protection.protect_title' => false
, coerce
=> \
&to_bool
;
289 has 'memory_protection.protect_username' => false
, coerce
=> \
&to_bool
;
290 has 'memory_protection.protect_password' => true
, coerce
=> \
&to_bool
;
291 has 'memory_protection.protect_url' => false
, coerce
=> \
&to_bool
;
292 has 'memory_protection.protect_notes' => false
, coerce
=> \
&to_bool
;
293 # has 'memory_protection.auto_enable_visual_hiding' => false;
296 HEADER_TRANSFORM_SEED
,
297 HEADER_TRANSFORM_ROUNDS
,
298 HEADER_INNER_RANDOM_STREAM_KEY
,
299 HEADER_INNER_RANDOM_STREAM_ID
,
300 HEADER_PUBLIC_CUSTOM_DATA
,
302 sub _set_nonlazy_attributes
{
304 $self->$_ for list_attributes
(ref $self), @ATTRS;
307 =method memory_protection
309 \
%settings = $kdbx->memory_protection
310 $kdbx->memory_protection(\
%settings);
312 $bool = $kdbx->memory_protection($string_key);
313 $kdbx->memory_protection($string_key => $bool);
315 Get
or set memory protection settings
. This globally
(for the whole database
) configures whether
and which of
316 the standard strings should be memory-protected
. The
default setting
is to memory-protect only I
<Password
>
319 Memory protection can be toggled individually
for each entry string
, and individual settings
take precedence
320 over these global settings
.
324 sub memory_protection
{
326 $self->{meta
}{memory_protection
} = shift if @_ == 1 && is_plain_hashref
($_[0]);
327 return $self->{meta
}{memory_protection
} //= {} if !@_;
329 my $string_key = shift;
330 my $key = 'protect_' . lc($string_key);
332 $self->meta->{memory_protection
}{$key} = shift if @_;
333 $self->meta->{memory_protection
}{$key};
336 =method minimum_version
338 $version = $kdbx->minimum_version;
340 Determine the minimum file version required to save a database losslessly
. Using certain databases features
341 might increase this value
. For example
, setting the KDF to Argon2 will increase the minimum version to at
342 least C
<KDBX_VERSION_4_0
> (i
.e
. C
<0x00040000>) because Argon2 was introduced with KDBX4
.
344 This
method never returns less than C
<KDBX_VERSION_3_1
> (i
.e
. C
<0x00030001>). That file version
is so
345 ubiquitious
and well-supported
, there are seldom reasons to
dump in a lesser format nowadays
.
347 B
<WARNING
:> If you
dump a database with a minimum version higher than the current L
</version
>, the dumper will
348 typically issue a warning
and automatically upgrade the database
. This seems like the safest behavior
in order
349 to avoid data loss
, but lower versions have the benefit of being compatible with more software
. It
is possible
350 to prevent auto-upgrades by explicitly telling the dumper which version to
use, but you
do run the risk of
351 data loss
. A database will never be automatically downgraded
.
355 sub minimum_version
{
358 return KDBX_VERSION_4_1
if any
{
359 nonempty
$_->{last_modification_time
}
360 } values %{$self->custom_data};
362 return KDBX_VERSION_4_1
if any
{
363 nonempty
$_->{name
} || nonempty
$_->{last_modification_time
}
364 } @{$self->custom_icons};
366 return KDBX_VERSION_4_1
if any
{
367 nonempty
$_->previous_parent_group || nonempty
$_->tags ||
368 any
{ nonempty
$_->{last_modification_time
} } values %{$_->custom_data}
369 } @{$self->all_groups};
371 return KDBX_VERSION_4_1
if any
{
372 nonempty
$_->previous_parent_group || (defined $_->quality_check && !$_->quality_check) ||
373 any
{ nonempty
$_->{last_modification_time
} } values %{$_->custom_data}
374 } @{$self->all_entries(history
=> 1)};
376 return KDBX_VERSION_4_0
if $self->kdf->uuid ne KDF_UUID_AES
;
378 return KDBX_VERSION_4_0
if nonempty
$self->public_custom_data;
380 return KDBX_VERSION_4_0
if any
{
381 nonempty
$_->custom_data
382 } @{$self->all_groups}, @{$self->all_entries(history
=> 1)};
384 return KDBX_VERSION_3_1
;
387 ##############################################################################
391 $group = $kdbx->root;
394 Get
or set a database
's root group. You don't necessarily need to explicitly create
or set a root group
395 because it autovivifies
when adding entries
and groups to the database
.
397 Every database
has only a single root group at a
time. Some old KDB files might have multiple root groups
.
398 When reading such files
, a single implicit root group
is created to contain the actual root groups
. When
399 writing to such a format
, if the root group looks like it was implicitly created then it won
't be written and
400 the resulting file might have multiple root groups. This allows working with older files without changing
401 their written internal structure while still adhering to modern semantics while the database is opened.
403 The root group of a KDBX database contains all of the database's entries
and other groups
. If you replace the
404 root group
, you are essentially replacing the entire database contents with something
else.
411 $self->{root
} = $self->_wrap_group(@_);
412 $self->{root
}->kdbx($self);
414 $self->{root
} //= $self->_implicit_root;
415 return $self->_wrap_group($self->{root
});
420 return [] if !$self->{root
};
421 return $self->_has_implicit_root ? $self->root->groups : [$self->root];
424 sub _has_implicit_root
{
426 my $root = $self->root;
427 my $temp = __PACKAGE__-
>_implicit_root;
428 # If an implicit root group has been changed in any significant way, it is no longer implicit.
429 return $root->name eq $temp->name &&
430 $root->is_expanded ^ $temp->is_expanded &&
431 $root->notes eq $temp->notes &&
432 !@{$root->entries} &&
433 !defined $root->custom_icon_uuid &&
434 !keys %{$root->custom_data} &&
435 $root->icon_id == $temp->icon_id &&
436 $root->expires ^ $temp->expires &&
437 $root->default_auto_type_sequence eq $temp->default_auto_type_sequence &&
438 !defined $root->enable_auto_type &&
439 !defined $root->enable_searching;
444 require File
::KDBX
::Group
;
445 return File
::KDBX
::Group-
>new(
448 notes
=> 'Added as an implicit root group by '.__PACKAGE__
.'.',
449 ref $self ? (kdbx
=> $self) : (),
453 =method trace_lineage
455 \
@lineage = $kdbx->trace_lineage($group);
456 \
@lineage = $kdbx->trace_lineage($group, $base_group);
457 \
@lineage = $kdbx->trace_lineage($entry);
458 \
@lineage = $kdbx->trace_lineage($entry, $base_group);
460 Get the direct line of ancestors from C
<$base_group> (default: the root group
) to a group
or entry
. The
461 lineage includes the base group but I
<not> the target group
or entry
. Returns C
<undef> if the target
is not in
462 the database structure
.
469 return $object->lineage(@_);
477 push @lineage, $self->root if !@lineage;
478 my $base = $lineage[-1] or return [];
480 my $uuid = $object->uuid;
481 return \
@lineage if any
{ $_->uuid eq $uuid } @{$base->groups || []}, @{$base->entries || []};
483 for my $subgroup (@{$base->groups || []}) {
484 my $result = $self->_trace_lineage($object, @lineage, $subgroup);
485 return $result if $result;
489 ##############################################################################
493 $kdbx->add_group($group, %options);
494 $kdbx->add_group(%group_attributes, %options);
496 Add a group to a database
. This
is equivalent to identifying a parent group
and calling
497 L
<File
::KDBX
::Group
/add_group
> on the parent group
, forwarding the arguments
. Available options
:
500 * C<group> (aka C<parent>) - Group object or group UUID to add the group to (default: root group)
506 my $group = @_ % 2 == 1 ? shift : undef;
509 # find the right group to add the group to
510 my $parent = delete $args{group
} // delete $args{parent
} // $self->root;
511 ($parent) = $self->find_groups({uuid
=> $parent}) if !ref $parent;
512 $parent or throw
'Invalid group';
514 return $parent->add_group(defined $group ? $group : (), %args, kdbx
=> $self);
520 require File
::KDBX
::Group
;
521 return File
::KDBX
::Group-
>wrap($group, $self);
526 \
@groups = $kdbx->all_groups(%options);
527 \
@groups = $kdbx->all_groups($base_group, %options);
529 Get all groups deeply
in a database
, or all groups within a specified base group
, in a flat array
. Supported
533 * C<base> - Only include groups within a base group (same as C<$base_group>) (default: root)
534 * C<include_base> - Include the base group in the results (default: true)
540 my %args = @_ % 2 == 0 ? @_ : (base
=> shift, @_);
541 my $base = $args{base
} // $self->root;
544 # push @groups, $self->_wrap_group($base) if $args{include_base} // 1;
545 # push @groups, @{$base->all_groups};
547 my @groups = $args{include_base
} // 1 ? $self->_wrap_group($base) : ();
549 for my $subgroup (@{$base->{groups
} || []}) {
550 my $more = $self->all_groups($subgroup);
551 push @groups, @$more;
559 @groups = $kdbx->find_groups($query, %options);
561 Find all groups deeply that match to a query
. Options are the same as
for L
</all_groups
>.
563 See L
</QUERY
> for a description of what C
<$query> can be
.
569 my $query = shift or throw
'Must provide a query';
573 include_base
=> $args{include_base
},
575 return @{search
($self->all_groups(%all_groups), is_arrayref
($query) ? @$query : $query)};
578 ##############################################################################
582 $kdbx->add_entry($entry, %options);
583 $kdbx->add_entry(%entry_attributes, %options);
585 Add a entry to a database
. This
is equivalent to identifying a parent group
and calling
586 L
<File
::KDBX
::Group
/add_entry
> on the parent group
, forwarding the arguments
. Available options
:
589 * C<group> (aka C<parent>) - Group object or group UUID to add the entry to (default: root group)
595 my $entry = @_ % 2 == 1 ? shift : undef;
598 # find the right group to add the entry to
599 my $parent = delete $args{group
} // delete $args{parent
} // $self->root;
600 ($parent) = $self->find_groups({uuid
=> $parent}) if !ref $parent;
601 $parent or throw
'Invalid group';
603 return $parent->add_entry(defined $entry ? $entry : (), %args, kdbx
=> $self);
609 require File
::KDBX
::Entry
;
610 return File
::KDBX
::Entry-
>wrap($entry, $self);
615 \
@entries = $kdbx->all_entries(%options);
616 \
@entries = $kdbx->all_entries($base_group, %options);
618 Get entries deeply
in a database
, in a flat array
. Supported options
:
621 * C<base> - Only include entries within a base group (same as C<$base_group>) (default: root)
622 * C<auto_type> - Only include entries with auto-type enabled (default: false, include all)
623 * C<search> - Only include entries within groups with search enabled (default: false, include all)
624 * C<history> - Also include historical entries (default: false, include only active entries)
630 my %args = @_ % 2 == 0 ? @_ : (base
=> shift, @_);
632 my $base = $args{base
} // $self->root;
633 my $history = $args{history
};
634 my $search = $args{search
};
635 my $auto_type = $args{auto_type
};
637 my $enable_auto_type = $base->{enable_auto_type
} // true
;
638 my $enable_searching = $base->{enable_searching
} // true
;
641 if ((!$search || $enable_searching) && (!$auto_type || $enable_auto_type)) {
643 map { $self->_wrap_entry($_) }
644 grep { !$auto_type || $_->{auto_type
}{enabled
} }
645 map { $_, $history ? @{$_->{history
} || []} : () }
646 @{$base->{entries
} || []};
649 for my $subgroup (@{$base->{groups
} || []}) {
650 my $more = $self->all_entries($subgroup,
651 auto_type
=> $auto_type,
655 push @entries, @$more;
663 =method find_entries_simple
665 @entries = $kdbx->find_entries($query, %options);
667 @entries = $kdbx->find_entries_simple($expression, \
@fields, %options);
668 @entries = $kdbx->find_entries_simple($expression, $operator, \
@fields, %options);
670 Find all entries deeply that match a query
. Options are the same as
for L
</all_entries
>.
672 See L
</QUERY
> for a description of what C
<$query> can be
.
678 my $query = shift or throw
'Must provide a query';
682 auto_type
=> $args{auto_type
},
683 search
=> $args{search
},
684 history
=> $args{history
},
686 my $limit = delete $args{limit
};
687 if (defined $limit) {
688 return @{search_limited
($self->all_entries(%all_entries), is_arrayref
($query) ? @$query : $query, $limit)};
691 return @{search
($self->all_entries(%all_entries), is_arrayref
($query) ? @$query : $query)};
695 sub find_entries_simple
{
698 my $op = @_ && !is_ref
($_[0]) ? shift : undef;
700 is_arrayref
($fields) or throw
q{Usage: find_entries_simple($expression, [$op,] \@fields)};
701 return $self->find_entries([\
$text, $op, $fields], @_);
704 ##############################################################################
708 \
%icon = $kdbx->custom_icon($uuid);
709 $kdbx->custom_icon($uuid => \
%icon);
710 $kdbx->custom_icon(%icon);
711 $kdbx->custom_icon(uuid
=> $value, %icon);
713 Get
or set custom icons
.
719 my %args = @_ == 2 ? (uuid
=> shift, data
=> shift)
720 : @_ % 2 == 1 ? (uuid
=> shift, @_) : @_;
722 if (!$args{uuid
} && !$args{data
}) {
723 my %standard = (uuid
=> 1, data
=> 1, name
=> 1, last_modification_time
=> 1);
724 my @other_keys = grep { !$standard{$_} } keys %args;
725 if (@other_keys == 1) {
726 my $key = $args{key
} = $other_keys[0];
727 $args{data
} = delete $args{$key};
731 my $uuid = $args{uuid
} or throw
'Must provide a custom icon UUID to access';
732 my $icon = (first
{ $_->{uuid
} eq $uuid } @{$self->custom_icons}) // do {
733 push @{$self->custom_icons}, my $i = { uuid
=> $uuid };
738 $fields = $args{data
} if is_plain_hashref
($args{data
});
740 while (my ($field, $value) = each %$fields) {
741 $icon->{$field} = $value;
746 =method custom_icon_data
748 $image_data = $kdbx->custom_icon_data($uuid);
750 Get a custom icon image data
.
754 sub custom_icon_data
{
756 my $uuid = shift // return;
757 my $icon = first
{ $_->{uuid
} eq $uuid } @{$self->custom_icons} or return;
758 return $icon->{data
};
761 =method add_custom_icon
763 $uuid = $kdbx->add_custom_icon($image_data, %attributes);
765 Add a custom icon
and get its UUID
. If
not provided
, a random UUID will be generated
. Possible attributes
:
768 * C<uuid> - Icon UUID (default: autogenerated)
769 * C<name> - Name of the icon (text, KDBX4.1+)
770 * C<last_modification_time> - Just what it says (datetime, KDBX4.1+)
774 sub add_custom_icon
{
776 my $img = shift or throw
'Must provide image data';
779 my $uuid = $args{uuid
} // generate_uuid
;
780 push @{$self->custom_icons}, {
788 =method remove_custom_icon
790 $kdbx->remove_custom_icon($uuid);
792 Remove a custom icon
.
796 sub remove_custom_icon
{
800 @{$self->custom_icons} = grep { $_->{uuid
} eq $uuid ? do { push @deleted, $_; 0 } : 1 }
801 @{$self->custom_icons};
802 $self->add_deleted_object($uuid) if @deleted;
806 ##############################################################################
810 \
%all_data = $kdbx->custom_data;
811 $kdbx->custom_data(\
%all_data);
813 \
%data = $kdbx->custom_data($key);
814 $kdbx->custom_data($key => \
%data);
815 $kdbx->custom_data(%data);
816 $kdbx->custom_data(key
=> $value, %data);
818 Get
and set custom data
. Custom data
is metadata associated with a database
.
820 Each data item can have a few attributes associated with it
.
823 * C<key> - A unique text string identifier used to look up the data item (required)
824 * C<value> - A text string value (required)
825 * C<last_modification_time> (optional, KDBX4.1+)
831 $self->{meta
}{custom_data
} = shift if @_ == 1 && is_plain_hashref
($_[0]);
832 return $self->{meta
}{custom_data
} //= {} if !@_;
834 my %args = @_ == 2 ? (key
=> shift, value
=> shift)
835 : @_ % 2 == 1 ? (key
=> shift, @_) : @_;
837 if (!$args{key
} && !$args{value
}) {
838 my %standard = (key
=> 1, value
=> 1, last_modification_time
=> 1);
839 my @other_keys = grep { !$standard{$_} } keys %args;
840 if (@other_keys == 1) {
841 my $key = $args{key
} = $other_keys[0];
842 $args{value
} = delete $args{$key};
846 my $key = $args{key
} or throw
'Must provide a custom_data key to access';
848 return $self->{meta
}{custom_data
}{$key} = $args{value
} if is_plain_hashref
($args{value
});
850 while (my ($field, $value) = each %args) {
851 $self->{meta
}{custom_data
}{$key}{$field} = $value;
853 return $self->{meta
}{custom_data
}{$key};
856 =method custom_data_value
858 $value = $kdbx->custom_data_value($key);
860 Exactly the same as L
</custom_data
> except returns just the custom data
's value rather than a structure of
861 attributes. This is a shortcut for:
863 my $data = $kdbx->custom_data($key);
864 my $value = defined $data ? $data->{value} : undef;
868 sub custom_data_value {
870 my $data = $self->custom_data(@_) // return;
871 return $data->{value};
874 =method public_custom_data
876 \%all_data = $kdbx->public_custom_data;
877 $kdbx->public_custom_data(\%all_data);
879 $value = $kdbx->public_custom_data($key);
880 $kdbx->public_custom_data($key => $value);
882 Get and set public custom data. Public custom data is similar to custom data but different in some important
883 ways. Public custom data:
886 * can store strings, booleans and up to 64-bit integer values (custom data can only store text values)
887 * is NOT encrypted within a KDBX file (hence the "public" part of the name)
888 * is a plain hash/dict of key-value pairs with no other associated fields (like modification times)
892 sub public_custom_data {
894 $self->{headers}{+HEADER_PUBLIC_CUSTOM_DATA} = shift if @_ == 1 && is_plain_hashref($_[0]);
895 return $self->{headers}{+HEADER_PUBLIC_CUSTOM_DATA} //= {} if !@_;
897 my $key = shift or throw 'Must provide a public_custom_data key to access
';
898 $self->{headers}{+HEADER_PUBLIC_CUSTOM_DATA}{$key} = shift if @_;
899 return $self->{headers}{+HEADER_PUBLIC_CUSTOM_DATA}{$key};
902 ##############################################################################
909 # my %options = @_; # prefer_old / prefer_new
910 # $other->merge_from($self);
917 # die 'Not implemented
';
920 =method add_deleted_object
922 $kdbx->add_deleted_object($uuid);
924 Add a UUID to the deleted objects list. This list is used to support automatic database merging.
926 You typically do not need to call this yourself because the list will be populated automatically as objects
931 sub add_deleted_object {
935 # ignore null and meta stream UUIDs
936 return if $uuid eq UUID_NULL || $uuid eq '0' x 16;
938 $self->deleted_objects->{$uuid} = {
940 deletion_time => scalar gmtime,
944 =method remove_deleted_object
946 $kdbx->remove_deleted_object($uuid);
948 Remove a UUID from the deleted objects list. This list is used to support automatic database merging.
950 You typically do not need to call this yourself because the list will be maintained automatically as objects
955 sub remove_deleted_object {
958 delete $self->deleted_objects->{$uuid};
961 =method clear_deleted_objects
963 Remove all UUIDs from the deleted objects list. This list is used to support automatic database merging, but
964 if you don't need merging then you can clear deleted objects to reduce the database file size
.
968 sub clear_deleted_objects
{
970 %{$self->deleted_objects} = ();
973 ##############################################################################
975 =method resolve_reference
977 $string = $kdbx->resolve_reference($reference);
978 $string = $kdbx->resolve_reference($wanted, $search_in, $expression);
980 Resolve a L
<field reference
|https
://keepass
.info
/help/base
/fieldrefs
.html
>. A field reference
is a kind of
981 string placeholder
. You can
use a field reference to refer directly to a standard field within an entry
. Field
982 references are resolved automatically
while expanding entry strings
(i
.e
. replacing placeholders
), but you can
983 use this
method to resolve on-the-fly references that aren
't part of any actual string in the database.
985 If the reference does not resolve to any field, C<undef> is returned. If the reference resolves to multiple
986 fields, only the first one is returned (in the same order as L</all_entries>). To avoid ambiguity, you can
987 refer to a specific entry by its UUID.
989 The syntax of a reference is: C<< {REF:<WantedField>@<SearchIn>:<Text>} >>. C<Text> is a
990 L</"Simple Expression">. C<WantedField> and C<SearchIn> are both single character codes representing a field:
999 * C<O> - Other custom strings
1001 Since C<O> does not represent any specific field, it cannot be used as the C<WantedField>.
1005 To get the value of the I<UserName> string of the first entry with "My Bank" in the title:
1007 my $username = $kdbx->resolve_reference('{REF
:U
@T:"My Bank"}');
1008 # OR the {REF:...} wrapper is optional
1009 my $username = $kdbx->resolve_reference('U
@T:"My Bank"');
1010 # OR separate the arguments
1011 my $username = $kdbx->resolve_reference(U => T => '"My Bank"');
1013 Note how the text is a L</"Simple Expression">, so search terms with spaces must be surrounded in double
1016 To get the I<Password> string of a specific entry (identified by its UUID):
1018 my $password = $kdbx->resolve_reference('{REF
:P
@I:46C9B1FFBD4ABC4BBB260C6190BAD20C
}');
1022 sub resolve_reference {
1024 my $wanted = shift // return;
1025 my $search_in = shift;
1028 if (!defined $text) {
1029 $wanted =~ s/^\{REF:([^\}]+)\}$/$1/i;
1030 ($wanted, $search_in, $text) = $wanted =~ /^([TUPANI])\@([TUPANIO]):(.*)$/i;
1032 $wanted && $search_in && nonempty($text) or return;
1035 T => 'expanded_title
',
1036 U => 'expanded_username
',
1037 P => 'expanded_password
',
1038 A => 'expanded_url
',
1039 N => 'expanded_notes
',
1041 O => 'other_strings
',
1043 $wanted = $fields{$wanted} or return;
1044 $search_in = $fields{$search_in} or return;
1046 my $query = $search_in eq 'uuid
' ? query($search_in => uuid($text))
1047 : simple_expression_query($text, '=~', $search_in);
1049 my ($entry) = $self->find_entries($query, limit => 1);
1052 return $entry->$wanted;
1055 our %PLACEHOLDERS = (
1056 # placeholder => sub { my ($entry, $arg) = @_; ... };
1057 'TITLE
' => sub { $_[0]->expanded_title },
1058 'USERNAME
' => sub { $_[0]->expanded_username },
1059 'PASSWORD
' => sub { $_[0]->expanded_password },
1060 'NOTES
' => sub { $_[0]->expanded_notes },
1061 'S
:' => sub { $_[0]->string_value($_[1]) },
1062 'URL
' => sub { $_[0]->expanded_url },
1063 'URL
:RMVSCM
' => sub { local $_ = $_[0]->url; s!^[^:/\?\#]+://!!; $_ },
1064 'URL
:WITHOUTSCHEME
' => sub { local $_ = $_[0]->url; s!^[^:/\?\#]+://!!; $_ },
1065 'URL
:SCM
' => sub { (split_url($_[0]->url))[0] },
1066 'URL
:SCHEME
' => sub { (split_url($_[0]->url))[0] }, # non-standard
1067 'URL
:HOST
' => sub { (split_url($_[0]->url))[2] },
1068 'URL
:PORT
' => sub { (split_url($_[0]->url))[3] },
1069 'URL
:PATH
' => sub { (split_url($_[0]->url))[4] },
1070 'URL
:QUERY
' => sub { (split_url($_[0]->url))[5] },
1071 'URL
:HASH
' => sub { (split_url($_[0]->url))[6] }, # non-standard
1072 'URL
:FRAGMENT
' => sub { (split_url($_[0]->url))[6] }, # non-standard
1073 'URL
:USERINFO
' => sub { (split_url($_[0]->url))[1] },
1074 'URL
:USERNAME
' => sub { (split_url($_[0]->url))[7] },
1075 'URL
:PASSWORD
' => sub { (split_url($_[0]->url))[8] },
1076 'UUID
' => sub { local $_ = format_uuid($_[0]->uuid); s/-//g; $_ },
1077 'REF
:' => sub { $_[0]->kdbx->resolve_reference($_[1]) },
1078 'INTERNETEXPLORER
' => sub { load_optional('IPC
::Cmd
'); IPC::Cmd::can_run('iexplore
') },
1079 'FIREFOX
' => sub { load_optional('IPC
::Cmd
'); IPC::Cmd::can_run('firefox
') },
1080 'GOOGLECHROME
' => sub { load_optional('IPC
::Cmd
'); IPC::Cmd::can_run('google-chrome
') },
1081 'OPERA
' => sub { load_optional('IPC
::Cmd
'); IPC::Cmd::can_run('opera
') },
1082 'SAFARI
' => sub { load_optional('IPC
::Cmd
'); IPC::Cmd::can_run('safari
') },
1083 'APPDIR
' => sub { load_optional('FindBin
'); $FindBin::Bin },
1084 'GROUP
' => sub { my $p = $_[0]->parent; $p ? $p->name : undef },
1085 'GROUP_PATH
' => sub { $_[0]->path },
1086 'GROUP_NOTES
' => sub { my $p = $_[0]->parent; $p ? $p->notes : undef },
1095 'ENV
:' => sub { $ENV{$_[1]} },
1096 'ENV_DIRSEP
' => sub { load_optional('File
::Spec
')->catfile('', '') },
1097 'ENV_PROGRAMFILES_X86
' => sub { $ENV{'ProgramFiles
(x86
)'} || $ENV{'ProgramFiles
'} },
1100 'DT_SIMPLE
' => sub { localtime->strftime('%Y%m%d%H%M%S') },
1101 'DT_YEAR
' => sub { localtime->strftime('%Y') },
1102 'DT_MONTH
' => sub { localtime->strftime('%m') },
1103 'DT_DAY
' => sub { localtime->strftime('%d') },
1104 'DT_HOUR
' => sub { localtime->strftime('%H') },
1105 'DT_MINUTE
' => sub { localtime->strftime('%M') },
1106 'DT_SECOND
' => sub { localtime->strftime('%S') },
1107 'DT_UTC_SIMPLE
' => sub { gmtime->strftime('%Y%m%d%H%M%S') },
1108 'DT_UTC_YEAR
' => sub { gmtime->strftime('%Y') },
1109 'DT_UTC_MONTH
' => sub { gmtime->strftime('%m') },
1110 'DT_UTC_DAY
' => sub { gmtime->strftime('%d') },
1111 'DT_UTC_HOUR
' => sub { gmtime->strftime('%H') },
1112 'DT_UTC_MINUTE
' => sub { gmtime->strftime('%M') },
1113 'DT_UTC_SECOND
' => sub { gmtime->strftime('%S') },
1120 'HMACOTP
' => sub { $_[0]->hmac_otp },
1121 'TIMEOTP
' => sub { $_[0]->time_otp },
1122 'C
:' => sub { '' }, # comment
1130 ##############################################################################
1136 Encrypt all protected binaries strings in a database. The encrypted strings are stored in
1137 a L<File::KDBX::Safe> associated with the database and the actual strings will be replaced with C<undef> to
1138 indicate their protected state. Returns itself to allow method chaining.
1144 $SAFE{$self} = shift if @_;
1148 sub _remove_safe { delete $SAFE{$_[0]} }
1153 $self->_safe and return $self;
1157 my $entries = $self->all_entries(history => 1);
1158 for my $entry (@$entries) {
1159 push @strings, grep { $_->{protect} } values %{$entry->strings}, values %{$entry->binaries};
1162 $self->_safe(File::KDBX::Safe->new(\@strings));
1171 Decrypt all protected strings in a database, replacing C<undef> placeholders with unprotected values. Returns
1172 itself to allow method chaining.
1178 my $safe = $self->_safe or return $self;
1181 $self->_remove_safe;
1186 =method unlock_scoped
1188 $guard = $kdbx->unlock_scoped;
1190 Unlock a database temporarily, relocking when the guard is released (typically at the end of a scope). Returns
1191 C<undef> if the database is already unlocked.
1193 See L</lock> and L</unlock>.
1198 throw 'Programmer error
: Cannot call unlock_scoped
in void context
' if !defined wantarray;
1200 return if !$self->is_locked;
1201 require Scope::Guard;
1202 my $guard = Scope::Guard->new(sub { $self->lock });
1209 $string = $kdbx->peek(\%string);
1210 $string = $kdbx->peek(\%binary);
1212 Peek at the value of a protected string or binary without unlocking the whole database. The argument can be
1213 a string or binary hashref as returned by L<File::KDBX::Entry/string> or L<File::KDBX::Entry/binary>.
1220 my $safe = $self->_safe or return;
1221 return $safe->peek($string);
1226 $bool = $kdbx->is_locked;
1228 Get whether or not a database's strings are memory-protected
. If this
is true
, then some
or all of the
1229 protected strings within the database will be unavailable
(literally have C
<undef> values) until L
</unlock
> is
1234 sub is_locked
{ $_[0]->_safe ? 1 : 0 }
1236 ##############################################################################
1238 =method randomize_seeds
1240 $kdbx->randomize_seeds;
1242 Set various
keys, seeds
and IVs to random
values. These
values are used by the cryptographic functions that
1243 secure the database
when dumped
. The attributes that will be randomized are
:
1247 * L</inner_random_stream_key>
1249 * L</stream_start_bytes>
1250 * L</transform_seed>
1252 Randomizing these values has no effect on a loaded database. These are only used when a database is dumped.
1253 You normally do not need to call this method explicitly because the dumper does it explicitly by default.
1257 sub randomize_seeds
{
1259 $self->encryption_iv(random_bytes
(16));
1260 $self->inner_random_stream_key(random_bytes
(64));
1261 $self->master_seed(random_bytes
(32));
1262 $self->stream_start_bytes(random_bytes
(32));
1263 $self->transform_seed(random_bytes
(32));
1266 ##############################################################################
1271 $key = $kdbx->key($key);
1272 $key = $kdbx->key($primitive);
1274 Get
or set a L
<File
::KDBX
::Key
>. This
is the master key
(e
.g
. a password
or a key file that can decrypt
1275 a database
). See L
<File
::KDBX
::Key
/new
> for an explanation of what the primitive can be
.
1277 You generally don
't need to call this directly because you can provide the key directly to the loader or
1278 dumper when loading or dumping a KDBX file.
1284 $KEYS{$self} = File::KDBX::Key->new(@_) if @_;
1288 =method composite_key
1290 $key = $kdbx->composite_key($key);
1291 $key = $kdbx->composite_key($primitive);
1293 Construct a L<File::KDBX::Key::Composite> from a primitive. See L<File::KDBX::Key/new> for an explanation of
1294 what the primitive can be. If the primitive does not represent a composite key, it will be wrapped.
1296 You generally don't need to call this directly
. The parser
and writer
use it to transform a master key into
1297 a raw encryption key
.
1303 require File
::KDBX
::Key
::Composite
;
1304 return File
::KDBX
::Key
::Composite-
>new(@_);
1309 $kdf = $kdbx->kdf(%options);
1310 $kdf = $kdbx->kdf(\
%parameters, %options);
1312 Get a L
<File
::KDBX
::KDF
> (key derivation function
).
1317 * C<params> - KDF parameters, same as C<\%parameters> (default: value of L</kdf_parameters>)
1323 my %args = @_ % 2 == 1 ? (params
=> shift, @_) : @_;
1325 my $params = $args{params
};
1326 my $compat = $args{compatible
} // 1;
1328 $params //= $self->kdf_parameters;
1329 $params = {%{$params || {}}};
1331 if (empty
$params || !defined $params->{+KDF_PARAM_UUID
}) {
1332 $params->{+KDF_PARAM_UUID
} = KDF_UUID_AES
;
1334 if ($params->{+KDF_PARAM_UUID
} eq KDF_UUID_AES
) {
1335 # AES_CHALLENGE_RESPONSE is equivalent to AES if there are no challenge-response keys, and since
1336 # non-KeePassXC implementations don't support challenge-response keys anyway, there's no problem with
1337 # always using AES_CHALLENGE_RESPONSE for all KDBX4+ databases.
1338 # For compatibility, we should not *write* AES_CHALLENGE_RESPONSE, but the dumper handles that.
1339 if ($self->version >= KDBX_VERSION_4_0
) {
1340 $params->{+KDF_PARAM_UUID
} = KDF_UUID_AES_CHALLENGE_RESPONSE
;
1342 $params->{+KDF_PARAM_AES_SEED
} //= $self->transform_seed;
1343 $params->{+KDF_PARAM_AES_ROUNDS
} //= $self->transform_rounds;
1346 require File
::KDBX
::KDF
;
1347 return File
::KDBX
::KDF-
>new(%$params);
1350 sub transform_seed
{
1352 $self->headers->{+HEADER_TRANSFORM_SEED
} =
1353 $self->headers->{+HEADER_KDF_PARAMETERS
}{+KDF_PARAM_AES_SEED
} = shift if @_;
1354 $self->headers->{+HEADER_TRANSFORM_SEED
} =
1355 $self->headers->{+HEADER_KDF_PARAMETERS
}{+KDF_PARAM_AES_SEED
} //= random_bytes
(32);
1358 sub transform_rounds
{
1360 $self->headers->{+HEADER_TRANSFORM_ROUNDS
} =
1361 $self->headers->{+HEADER_KDF_PARAMETERS
}{+KDF_PARAM_AES_ROUNDS
} = shift if @_;
1362 $self->headers->{+HEADER_TRANSFORM_ROUNDS
} =
1363 $self->headers->{+HEADER_KDF_PARAMETERS
}{+KDF_PARAM_AES_ROUNDS
} //= 100_000;
1368 $cipher = $kdbx->cipher(key
=> $key);
1369 $cipher = $kdbx->cipher(key
=> $key, iv
=> $iv, uuid
=> $uuid);
1371 Get a L
<File
::KDBX
::Cipher
> capable of encrypting
and decrypting the body of a database file
.
1373 A key
is required
. This should be a raw encryption key made up of a fixed number of octets
(depending on the
1374 cipher
), not a L
<File
::KDBX
::Key
> or primitive
.
1376 If
not passed
, the UUID comes from C
<< $kdbx->headers->{cipher_id
} >> and the encryption IV comes from
1377 C
<< $kdbx->headers->{encryption_iv
} >>.
1379 You generally don
't need to call this directly. The parser and writer use it to decrypt and encrypt KDBX
1388 $args{uuid} //= $self->headers->{+HEADER_CIPHER_ID};
1389 $args{iv} //= $self->headers->{+HEADER_ENCRYPTION_IV};
1391 require File::KDBX::Cipher;
1392 return File::KDBX::Cipher->new(%args);
1395 =method random_stream
1397 $cipher = $kdbx->random_stream;
1398 $cipher = $kdbx->random_stream(id => $stream_id, key => $key);
1400 Get a L<File::KDBX::Cipher::Stream> for decrypting and encrypting protected values.
1402 If not passed, the ID and encryption key comes from C<< $kdbx->headers->{inner_random_stream_id} >> and
1403 C<< $kdbx->headers->{inner_random_stream_key} >> (respectively) for KDBX3 files and from
1404 C<< $kdbx->inner_headers->{inner_random_stream_key} >> and
1405 C<< $kdbx->inner_headers->{inner_random_stream_id} >> (respectively) for KDBX4 files.
1407 You generally don't need to call this directly
. The parser
and writer
use it to scramble protected strings
.
1415 $args{stream_id
} //= delete $args{id
} // $self->inner_random_stream_id;
1416 $args{key
} //= $self->inner_random_stream_key;
1418 require File
::KDBX
::Cipher
;
1419 File
::KDBX
::Cipher-
>new(%args);
1422 sub inner_random_stream_id
{
1424 $self->inner_headers->{+INNER_HEADER_INNER_RANDOM_STREAM_ID
}
1425 = $self->headers->{+HEADER_INNER_RANDOM_STREAM_ID
} = shift if @_;
1426 $self->inner_headers->{+INNER_HEADER_INNER_RANDOM_STREAM_ID
}
1427 //= $self->headers->{+HEADER_INNER_RANDOM_STREAM_ID
} //= do {
1428 my $version = $self->minimum_version;
1429 $version < KDBX_VERSION_4_0
? STREAM_ID_SALSA20
: STREAM_ID_CHACHA20
;
1433 sub inner_random_stream_key
{
1436 # These are probably the same SvPV so erasing one will CoW, but erasing the second should do the
1438 erase \
$self->inner_headers->{+INNER_HEADER_INNER_RANDOM_STREAM_KEY
};
1439 erase \
$self->headers->{+HEADER_INNER_RANDOM_STREAM_KEY
};
1440 $self->inner_headers->{+INNER_HEADER_INNER_RANDOM_STREAM_KEY
}
1441 = $self->headers->{+HEADER_INNER_RANDOM_STREAM_KEY
} = shift;
1443 $self->inner_headers->{+INNER_HEADER_INNER_RANDOM_STREAM_KEY
}
1444 //= $self->headers->{+HEADER_INNER_RANDOM_STREAM_KEY
} //= random_bytes
(64); # 32
1447 #########################################################################################
1450 # - Fixer tool. Can repair inconsistencies, including:
1451 # - Orphaned binaries... not really a thing anymore since we now distribute binaries amongst entries
1452 # - Unused custom icons (OFF, data loss)
1454 # - All data types are valid
1455 # - date times are correct
1457 # - All UUIDs refer to things that exist
1458 # - previous parent group
1460 # - last selected group
1461 # - last visible group
1462 # - Enforce history size limits (ON)
1463 # - Check headers/meta (ON)
1464 # - Duplicate deleted objects (ON)
1465 # - Duplicate window associations (OFF)
1466 # - Only one root group (ON)
1467 # - Header UUIDs match known ciphers/KDFs?
1470 #########################################################################################
1472 sub _handle_signal
{
1478 'entry.added' => \
&_handle_object_added
,
1479 'group.added' => \
&_handle_object_added
,
1480 'entry.removed' => \
&_handle_object_removed
,
1481 'group.removed' => \
&_handle_object_removed
,
1482 'entry.uuid.changed' => \
&_handle_entry_uuid_changed
,
1483 'group.uuid.changed' => \
&_handle_group_uuid_changed
,
1485 my $handler = $handlers{$type} or return;
1486 $self->$handler($object, @_);
1489 sub _handle_object_added
{
1492 $self->remove_deleted_object($object->uuid);
1495 sub _handle_object_removed
{
1498 my $old_uuid = $object->{uuid
} // return;
1500 my $meta = $self->meta;
1501 $self->recycle_bin_uuid(UUID_NULL
) if $old_uuid eq ($meta->{recycle_bin_uuid
} // '');
1502 $self->entry_templates_group(UUID_NULL
) if $old_uuid eq ($meta->{entry_templates_group
} // '');
1503 $self->last_selected_group(UUID_NULL
) if $old_uuid eq ($meta->{last_selected_group
} // '');
1504 $self->last_top_visible_group(UUID_NULL
) if $old_uuid eq ($meta->{last_top_visible_group
} // '');
1506 $self->add_deleted_object($old_uuid);
1509 sub _handle_entry_uuid_changed
{
1512 my $new_uuid = shift;
1513 my $old_uuid = shift // return;
1515 my $old_pretty = format_uuid
($old_uuid);
1516 my $new_pretty = format_uuid
($new_uuid);
1517 my $fieldref_match = qr/\{REF:([TUPANI])\@I:\Q$old_pretty\E\}/is;
1519 for my $entry (@{$self->all_entries}) {
1520 $entry->previous_parent_group($new_uuid) if $old_uuid eq ($entry->{previous_parent_group
} // '');
1522 for my $string (values %{$entry->strings}) {
1523 next if !defined $string->{value
} || $string->{value
} !~ $fieldref_match;
1524 my $txn = $entry->begin_work;
1525 $string->{value
} =~ s/$fieldref_match/{REF:$1\@I:$new_pretty}/g;
1531 sub _handle_group_uuid_changed
{
1534 my $new_uuid = shift;
1535 my $old_uuid = shift // return;
1537 my $meta = $self->meta;
1538 $self->recycle_bin_uuid($new_uuid) if $old_uuid eq ($meta->{recycle_bin_uuid
} // '');
1539 $self->entry_templates_group($new_uuid) if $old_uuid eq ($meta->{entry_templates_group
} // '');
1540 $self->last_selected_group($new_uuid) if $old_uuid eq ($meta->{last_selected_group
} // '');
1541 $self->last_top_visible_group($new_uuid) if $old_uuid eq ($meta->{last_top_visible_group
} // '');
1543 for my $group (@{$self->all_groups}) {
1544 $group->last_top_visible_entry($new_uuid) if $old_uuid eq ($group->{last_top_visible_entry
} // '');
1545 $group->previous_parent_group($new_uuid) if $old_uuid eq ($group->{previous_parent_group
} // '');
1547 for my $entry (@{$self->all_entries}) {
1548 $entry->previous_parent_group($new_uuid) if $old_uuid eq ($entry->{previous_parent_group
} // '');
1552 #########################################################################################
1556 A text string associated with the database
. Often unset
.
1560 The UUID of a cipher used to encrypt the database
when stored as a file
.
1562 See L
</File
::KDBX
::Cipher
>.
1564 =attr compression_flags
1566 Configuration
for whether
or not and how the database gets compressed
. See
1567 L
<File
::KDBX
::Constants
/":compression">.
1571 The master seed
is a string of
32 random bytes that
is used as salt
in hashing the master key
when loading
1572 and saving the database
. If a challenge-response key
is used
in the master key
, the master seed
is also the
1575 The master seed I
<should
> be changed
each time the database
is saved to file
.
1577 =attr transform_seed
1579 The transform seed
is a string of
32 random bytes that
is used
in the key derivation function
, either as the
1580 salt
or the key
(depending on the algorithm
).
1582 The transform seed I
<should
> be changed
each time the database
is saved to file
.
1584 =attr transform_rounds
1586 The number of rounds
or iterations used
in the key derivation function
. Increasing this number makes loading
1587 and saving the database slower by design
in order to make dictionary
and brute force attacks more costly
.
1591 The initialization vector used by the cipher
.
1593 The encryption IV I
<should
> be changed
each time the database
is saved to file
.
1595 =attr inner_random_stream_key
1597 The encryption key
(possibly including the IV
, depending on the cipher
) used to encrypt the protected strings
1598 within the database
.
1600 =attr stream_start_bytes
1602 A string of
32 random bytes written
in the header
and encrypted
in the body
. If the bytes
do not match
when
1603 loading a file then the wrong master key was used
or the file
is corrupt
. Only KDBX
2 and KDBX
3 files
use
1604 this
. KDBX
4 files
use an improved HMAC
method to verify the master key
and data integrity of the header
and
1607 =attr inner_random_stream_id
1609 A number indicating the cipher algorithm used to encrypt the protected strings within the database
, usually
1610 Salsa20
or ChaCha20
. See L
<File
::KDBX
::Constants
/":random_stream">.
1612 =attr kdf_parameters
1614 A hash
/dict of key-value pairs used to configure the key derivation function
. This
is the KDBX4
+ way to
1615 configure the KDF
, superceding L
</transform_seed> and L</transform_rounds
>.
1619 The name of the software used to generate the KDBX file
.
1623 The header hash used to verify that the file header
is not corrupt
. (KDBX
2 - KDBX
3.1, removed KDBX
4.0)
1627 Name of the database
.
1629 =attr database_name_changed
1631 Timestamp indicating
when the database name was
last changed
.
1633 =attr database_description
1635 Description of the database
1637 =attr database_description_changed
1639 Timestamp indicating
when the database description was
last changed
.
1641 =attr default_username
1643 When a new entry
is created
, the I
<UserName
> string will be populated with this value
.
1645 =attr default_username_changed
1647 Timestamp indicating
when the
default username was
last changed
.
1649 =attr maintenance_history_days
1651 TODO
... not really sure what this
is. 😀
1655 A color associated with the database
(in the form C
<#ffffff> where "f" is a hexidecimal digit). Some agents
1656 use this to help users visually distinguish between different databases
.
1658 =attr master_key_changed
1660 Timestamp indicating
when the master key was
last changed
.
1662 =attr master_key_change_rec
1664 Number of days
until the agent should prompt to recommend changing the master key
.
1666 =attr master_key_change_force
1668 Number of days
until the agent should prompt to force changing the master key
.
1670 Note
: This
is purely advisory
. It
is up to the individual agent software to actually enforce it
.
1671 C
<File
::KDBX
> does NOT enforce it
.
1673 =attr recycle_bin_enabled
1675 Boolean indicating whether removed groups
and entries should go to a recycle bin
or be immediately deleted
.
1677 =attr recycle_bin_uuid
1679 The UUID of a group used to store thrown-away groups
and entries
.
1681 =attr recycle_bin_changed
1683 Timestamp indicating
when the recycle bin was
last changed
.
1685 =attr entry_templates_group
1687 The UUID of a group containing template entries used
when creating new entries
.
1689 =attr entry_templates_group_changed
1691 Timestamp indicating
when the entry templates group was
last changed
.
1693 =attr last_selected_group
1695 The UUID of the previously-selected group
.
1697 =attr last_top_visible_group
1699 The UUID of the group visible at the top of the list
.
1701 =attr history_max_items
1703 The maximum number of historical entries allowed to be saved
for each entry
.
1705 =attr history_max_size
1707 The maximum total size
(in bytes
) that
each individual entry
's history is allowed to grow.
1709 =attr settings_changed
1711 Timestamp indicating when the database settings were last updated.
1715 Alias of the L</memory_protection> setting for the I<Title> string.
1717 =attr protect_username
1719 Alias of the L</memory_protection> setting for the I<UserName> string.
1721 =attr protect_password
1723 Alias of the L</memory_protection> setting for the I<Password> string.
1727 Alias of the L</memory_protection> setting for the I<URL> string.
1731 Alias of the L</memory_protection> setting for the I<Notes> string.
1735 #########################################################################################
1737 sub TO_JSON { +{%{$_[0]}} }
1742 =for Pod::Coverage STORABLE_freeze STORABLE_thaw TO_JSON
1748 my $kdbx = File::KDBX->new;
1750 my $group = $kdbx->add_group(
1751 name => 'Passwords
',
1754 my $entry = $group->add_entry(
1756 password => 's3cr3t
',
1759 $kdbx->dump_file('passwords
.kdbx
', 'M
@st3rP@ssw0rd!');
1761 $kdbx = File::KDBX->load_file('passwords
.kdbx
', 'M
@st3rP@ssw0rd!');
1763 for my $entry (@{ $kdbx->all_entries }) {
1764 say 'Entry
: ', $entry->title;
1769 B<File::KDBX> provides everything you need to work with a KDBX database. A KDBX database is a hierarchical
1770 object database which is commonly used to store secret information securely. It was developed for the KeePass
1771 password safe. See L</"KDBX Introduction"> for more information about KDBX.
1773 This module lets you query entries, create new entries, delete entries and modify entries. The distribution
1774 also includes various parsers and generators for serializing and persisting databases.
1776 This design of this software was influenced by the L<KeePassXC|https://github.com/keepassxreboot/keepassxc>
1777 implementation of KeePass as well as the L<File::KeePass> module. B<File::KeePass> is an alternative module
1778 that works well in most cases but has a small backlog of bugs and security issues and also does not work with
1779 newer KDBX version 4 files. If you're coming here from the B
<File
::KeePass
> world
, you might be interested
in
1780 L
<File
::KeePass
::KDBX
> that
is a drop-in replacement
for B
<File
::KeePass
> that uses B
<File
::KDBX
> for storage
.
1782 =head2 KDBX Introduction
1784 A KDBX database consists of a hierarchical I<group> of I<entries>. Entries can contain zero or more key-value
1785 pairs of I<strings> and zero or more I<binaries> (i.e. octet strings). Groups, entries, strings and binaries:
1786 that's the KDBX vernacular. A small amount of metadata (timestamps, etc.) is associated with each entry, group
1787 and the database as a whole.
1789 You can think of a KDBX database kind of like a file system, where groups are directories, entries are files,
1790 and strings and binaries make up a file's contents.
1792 Databases are typically persisted as a encrypted, compressed files. They are usually accessed directly (i.e.
1793 not over a network). The primary focus of this type of database is data security. It is ideal for storing
1794 relatively small amounts of data (strings and binaries) that must remain secret except to such individuals as
1795 have the correct I<master key>. Even if the database file were to be "leaked" to the public Internet, it
1796 should be virtually impossible to crack with a strong key. See L</SECURITY> for an overview of security
1801 =head2 Create a new database
1803 my $kdbx = File::KDBX->new;
1805 my $group = $kdbx->add_group(name => 'Passwords);
1806 my $entry = $group->add_entry(
1807 title => 'WayneCorp',
1808 username => 'bwayne',
1809 password => 'iambatman',
1810 url => 'https://example.com/login'
1812 $entry->add_auto_type_window_association('WayneCorp - Mozilla Firefox', '{PASSWORD}{ENTER}');
1814 $kdbx->dump_file('mypasswords.kdbx', 'master password CHANGEME');
1816 =head2 Read an existing database
1818 my $kdbx = File::KDBX->load_file('mypasswords.kdbx', 'master password CHANGEME');
1821 for my $entry (@{ $kdbx->all_entries }) {
1822 say 'Found password for ', $entry->title, ':';
1823 say ' Username: ', $entry->username;
1824 say ' Password: ', $entry->password;
1827 =head2 Search for entries
1829 my @entries = $kdbx->find_entries({
1830 title => 'WayneCorp',
1833 See L</QUERY> for many more query examples.
1835 =head2 Search for entries by auto-type window association
1837 my @entry_key_sequences = $kdbx->find_entries_for_window('WayneCorp - Mozilla Firefox');
1838 for my $pair (@entry_key_sequences) {
1839 my ($entry, $key_sequence) = @$pair;
1840 say 'Entry title: ', $entry->title, ', key sequence: ', $key_sequence;
1845 Entry title: WayneCorp, key sequence: {PASSWORD}{ENTER}
1849 One of the biggest threats to your database security is how easily the encryption key can be brute-forced.
1850 Strong brute-force protection depends on a couple factors:
1853 * Using unguessable passwords, passphrases and key files.
1854 * Using a brute-force resistent key derivation function.
1856 The first factor is up to you. This module does not enforce strong master keys. It is up to you to pick or
1857 generate strong keys.
1859 The KDBX format allows for the key derivation function to be tuned. The idea is that you want each single
1860 brute-foce attempt to be expensive (in terms of time, CPU usage or memory usage), so that making a lot of
1861 attempts (which would be required if you have a strong master key) gets I<really> expensive.
1863 How expensive you want to make each attempt is up to you and can depend on the application.
1865 This and other KDBX-related security issues are covered here more in depth:
1866 L<https://keepass.info/help/base/security.html>
1868 Here are other security risks you should be thinking about:
1872 This distribution uses the excellent L<CryptX> and L<Crypt::Argon2> packages to handle all crypto-related
1873 functions. As such, a lot of the security depends on the quality of these dependencies. Fortunately these
1874 modules are maintained and appear to have good track records.
1876 The KDBX format has evolved over time to incorporate improved security practices and cryptographic functions.
1877 This package uses the following functions for authentication, hashing, encryption and random number
1883 * Argon2d & Argon2id
1888 * Salsa20 & ChaCha20
1891 At the time of this writing, I am not aware of any successful attacks against any of these functions. These
1892 are among the most-analyzed and widely-adopted crypto functions available.
1894 The KDBX format allows the body cipher and key derivation function to be configured. If a flaw is discovered
1895 in one of these functions, you can hopefully just switch to a better function without needing to update this
1896 software. A later software release may phase out the use of any functions which are no longer secure.
1898 =head2 Memory Protection
1900 It is not a good idea to keep secret information unencrypted in system memory for longer than is needed. The
1901 address space of your program can generally be read by a user with elevated privileges on the system. If your
1902 system is memory-constrained or goes into a hibernation mode, the contents of your address space could be
1903 written to a disk where it might be persisted for long time.
1905 There might be system-level things you can do to reduce your risk, like using swap encryption and limiting
1906 system access to your program's address space while your program is running.
1908 B<File::KDBX> helps minimize (but not eliminate) risk by keeping secrets encrypted in memory until accessed
1909 and zeroing out memory that holds secrets after they're no longer needed, but it's not a silver bullet.
1911 For one thing, the encryption key is stored in the same address space. If core is dumped, the encryption key
1912 is available to be found out. But at least there is the chance that the encryption key and the encrypted
1913 secrets won't both be paged out while memory-constrained.
1915 Another problem is that some perls (somewhat notoriously) copy around memory behind the scenes willy nilly,
1916 and it's difficult know when perl makes a copy of a secret in order to be able to zero it out later. It might
1917 be impossible. The good news is that perls with SvPV copy-on-write (enabled by default beginning with perl
1918 5.20) are much better in this regard. With COW, it's mostly possible to know what operations will cause perl
1919 to copy the memory of a scalar string, and the number of copies will be significantly reduced. There is a unit
1920 test named F<t/memory-protection.t> in this distribution that can be run on POSIX systems to determine how
1921 well B<File::KDBX> memory protection is working.
1923 Memory protection also depends on how your application handles secrets. If your app code is handling scalar
1924 strings with secret information, it's up to you to make sure its memory is zeroed out when no longer needed.
1925 L<File::KDBX::Util/erase> et al. provide some tools to help accomplish this. Or if you're not too concerned
1926 about the risks memory protection is meant to mitigate, then maybe don't worry about it. The security policy
1927 of B<File::KDBX> is to try hard to keep secrets protected while in memory so that your app might claim a high
1928 level of security, in case you care about that.
1930 There are some memory protection strategies that B<File::KDBX> does NOT use today but could in the future:
1932 Many systems allow programs to mark unswappable pages. Secret information should ideally be stored in such
1933 pages. You could potentially use L<mlockall(2)> (or equivalent for your system) in your own application to
1934 prevent the entire address space from being swapped.
1936 Some systems provide special syscalls for storing secrets in memory while keeping the encryption key outside
1937 of the program's address space, like C<CryptProtectMemory> for Windows. This could be a good option, though
1938 unfortunately not portable.
1942 Several methods take a I<query> as an argument (e.g. L</find_entries>). A query is just a subroutine that you
1943 can either write yourself or have generated for you based on either a simple expression or a declarative
1944 structure. It's easier to have your query generated, so I'll cover that first.
1946 =head2 Simple Expression
1948 A simple expression is mostly compatible with the KeePass 2 implementation
1949 L<described here|https://keepass.info/help/base/search.html#mode_se>.
1951 An expression is a string with one or more space-separated terms. Terms with spaces can be enclosed in double
1952 quotes. Terms are negated if they are prefixed with a minus sign. A record must match every term on at least
1953 one of the given fields.
1955 So a simple expression is something like what you might type into a search engine. You can generate a simple
1956 expression query using L<File::KDBX::Util/simple_expression_query> or by passing the simple expression as
1957 a B<string reference> to search methods like L</find_entries>.
1959 To search for all entries in a database with the word "canyon" appearing anywhere in the title:
1961 my @entries = $kdbx->find_entries([ \'canyon', qw(title) ]);
1963 Notice the first argument is a B<stringref>. This diambiguates a simple expression from other types of queries
1966 As mentioned, a simple expression can have multiple terms. This simple expression query matches any entry that
1967 has the words "red" B<and> "canyon" anywhere in the title:
1969 my @entries = $kdbx->find_entries([ \'red canyon', qw(title) ]);
1971 Each term in the simple expression must be found for an entry to match.
1973 To search for entries with "red" in the title but B<not> "canyon", just prepend "canyon" with a minus sign:
1975 my @entries = $kdbx->find_entries([ \'red -canyon', qw(title) ]);
1977 To search over multiple fields simultaneously, just list them. To search for entries with "grocery" in the
1978 title or notes but not "Foodland":
1980 my @entries = $kdbx->find_entries([ \'grocery -Foodland', qw(title notes) ]);
1982 The default operator is a case-insensitive regexp match, which is fine for searching text loosely. You can use
1983 just about any binary comparison operator that perl supports. To specify an operator, list it after the simple
1984 expression. For example, to search for any entry that has been used at least five times:
1986 my @entries = $kdbx->find_entries([ \5, '>=', qw(usage_count) ]);
1988 It helps to read it right-to-left, like "usage_count is >= 5".
1990 If you find the disambiguating structures to be confusing, you can also the L</find_entries_simple> method as
1991 a more intuitive alternative. The following example is equivalent to the previous:
1993 my @entries = $kdbx->find_entries_simple(5, '>=', qw(usage_count));
1995 =head2 Declarative Query
1997 Structuring a declarative query is similar to L<SQL::Abstract/"WHERE CLAUSES">, but you don't have to be
1998 familiar with that module. Just learn by examples.
2000 To search for all entries in a database titled "My Bank":
2002 my @entries = $kdbx->find_entries({ title => 'My Bank' });
2004 The query here is C<< { title => 'My Bank' } >>. A hashref can contain key-value pairs where the key is
2005 a attribute of the thing being searched for (in this case an entry) and the value is what you want the thing's
2006 attribute to be to consider it a match. In this case, the attribute we're using as our match criteria is
2007 L<File::KDBX::Entry/title>, a text field. If an entry has its title attribute equal to "My Bank", it's
2010 A hashref can contain multiple attributes. The search candidate will be a match if I<all> of the specified
2011 attributes are equal to their respective values. For example, to search for all entries with a particular URL
2014 my @entries = $kdbx->find_entries({
2015 url => 'https://example.com',
2019 To search for entries matching I<any> criteria, just change the hashref to an arrayref. To search for entries
2020 with a particular URL B<OR> a particular username:
2022 my @entries = $kdbx->find_entries([ # <-- square bracket
2023 url => 'https://example.com',
2027 You can user different operators to test different types of attributes. The L<File::KDBX::Entry/icon_id>
2028 attribute is a number, so we should use a number comparison operator. To find entries using the smartphone
2031 my @entries = $kdbx->find_entries({
2032 icon_id => { '==', ICON_SMARTPHONE },
2035 Note: L<File::KDBX::Constants/ICON_SMARTPHONE> is just a constant from L<File::KDBX::Constants>. It isn't
2036 special to this example or to queries generally. We could have just used a literal number.
2038 The important thing to notice here is how we wrapped the condition in another arrayref with a single key-pair
2039 where the key is the name of an operator and the value is the thing to match against. The supported operators
2043 * C<eq> - String equal
2044 * C<ne> - String not equal
2045 * C<lt> - String less than
2046 * C<gt> - String greater than
2047 * C<le> - String less than or equal
2048 * C<ge> - String greater than or equal
2049 * C<==> - Number equal
2050 * C<!=> - Number not equal
2051 * C<< < >> - Number less than
2052 * C<< > >>> - Number greater than
2053 * C<< <= >> - Number less than or equal
2054 * C<< >= >> - Number less than or equal
2055 * C<=~> - String match regular expression
2056 * C<!~> - String does not match regular expression
2057 * C<!> - Boolean false
2058 * C<!!> - Boolean true
2060 Other special operators:
2063 * C<-true> - Boolean true
2064 * C<-false> - Boolean false
2065 * C<-not> - Boolean false (alias for C<-false>)
2066 * C<-defined> - Is defined
2067 * C<-undef> - Is not d efined
2068 * C<-empty> - Is empty
2069 * C<-nonempty> - Is not empty
2070 * C<-or> - Logical or
2071 * C<-and> - Logical and
2073 Let's see another example using an explicit operator. To find all groups except one in particular (identified
2074 by its L<File::KDBX::Group/uuid>), we can use the C<ne> (string not equal) operator:
2076 my ($group, @other) = $kdbx->find_groups({
2078 'ne' => uuid('596f7520-6172-6520-7370-656369616c2e'),
2081 if (@other) { say "Problem: there can be only one!" }
2083 Note: L<File::KDBX::Util/uuid> is a little helper function to convert a UUID in its pretty form into octets.
2084 This helper function isn't special to this example or to queries generally. It could have been written with
2085 a literal such as C<"\x59\x6f\x75\x20\x61...">, but that's harder to read.
2087 Notice we searched for groups this time. Finding groups works exactly the same as it does for entries.
2089 Testing the truthiness of an attribute is a little bit different because it isn't a binary operation. To find
2090 all entries with the password quality check disabled:
2092 my @entries = $kdbx->find_entries({ '!' => 'quality_check' });
2094 This time the string after the operator is the attribute name rather than a value to compare the attribute
2095 against. To test that a boolean value is true, use the C<!!> operator (or C<-true> if C<!!> seems a little too
2096 weird for your taste):
2098 my @entries = $kdbx->find_entries({ '!!' => 'quality_check' });
2099 my @entries = $kdbx->find_entries({ -true => 'quality_check' });
2101 Yes, there is also a C<-false> and a C<-not> if you prefer one of those over C<!>. C<-false> and C<-not>
2102 (along with C<-true>) are also special in that you can use them to invert the logic of a subquery. These are
2103 logically equivalent:
2105 my @entries = $kdbx->find_entries([ -not => { title => 'My Bank' } ]);
2106 my @entries = $kdbx->find_entries({ title => { 'ne' => 'My Bank' } });
2108 These special operators become more useful when combined with two more special operators: C<-and> and C<-or>.
2109 With these, it is possible to construct more interesting queries with groups of logic. For example:
2111 my @entries = $kdbx->find_entries({
2112 title => { '=~', qr/bank/ },
2115 notes => { '=~', qr/business/ },
2116 icon_id => { '==', ICON_TRASHCAN_FULL },
2121 In English, find entries where the word "bank" appears anywhere in the title but also do not have either the
2122 word "business" in the notes or is using the full trashcan icon.
2124 =head2 Subroutine Query
2126 Lastly, as mentioned at the top, you can ignore all this and write your own subroutine. Your subroutine will
2127 be called once for each thing being searched over. The single argument is the search candidate. The subroutine
2128 should match the candidate against whatever criteria you want and return true if it matches. The C<find_*>
2129 methods collect all matching things and return them.
2131 For example, to find all entries in the database titled "My Bank":
2133 my @entries = $kdbx->find_entries(sub { shift->title eq 'My Bank' });
2134 # logically the same as this declarative structure:
2135 my @entries = $kdbx->find_entries({ title => 'My Bank' });
2136 # as well as this simple expression:
2137 my @entries = $kdbx->find_entries([ \'My Bank', 'eq', qw{title} ]);
2139 This is a trivial example, but of course your subroutine can be arbitrarily complex.
2141 All of these query mechanisms described in this section are just tools, each with its own set of limitations.
2142 If the tools are getting in your way, you can of course iterate over the contents of a database and implement
2143 your own query logic, like this:
2145 for my $entry (@{ $kdbx->all_entries }) {
2146 if (wanted($entry)) {
2147 do_something($entry);
2156 Errors in this package are constructed as L<File::KDBX::Error> objects and propagated using perl's built-in
2157 mechanisms. Fatal errors are propagated using L<functions/die> and non-fatal errors (a.k.a. warnings) are
2158 propagated using L<functions/warn> while adhering to perl's L<warnings> system. If you're already familiar
2159 with these mechanisms, you can skip this section.
2161 You can catch fatal errors using L<functions/eval> (or something like L<Try::Tiny>) and non-fatal errors using
2162 C<$SIG{__WARN__}> (see L<variables/%SIG>). Examples:
2164 use File::KDBX::Error qw(error);
2166 my $key = ''; # uh oh
2168 $kdbx->load_file('whatever.kdbx', $key);
2170 if (my $error = error($@)) {
2171 handle_missing_key($error) if $error->type eq 'key.missing';
2175 or using C<Try::Tiny>:
2178 $kdbx->load_file('whatever.kdbx', $key);
2184 Catching non-fatal errors:
2187 local $SIG{__WARN__} = sub { push @warnings, $_[0] };
2189 $kdbx->load_file('whatever.kdbx', $key);
2191 handle_warnings(@warnings) if @warnings;
2193 By default perl prints warnings to C<STDERR> if you don't catch them. If you don't want to catch them and also
2194 don't want them printed to C<STDERR>, you can suppress them lexically (perl v5.28 or higher required):
2197 no warnings 'File::KDBX';
2204 local $File::KDBX::WARNINGS = 0;
2208 or globally in your program:
2210 $File::KDBX::WARNINGS = 0;
2212 You cannot suppress fatal errors, and if you don't catch them your program will exit.
2216 This software will alter its behavior depending on the value of certain environment variables:
2219 * C<PERL_FILE_KDBX_XS> - Do not use L<File::KDBX::XS> if false (default: true)
2220 * C<PERL_ONLY> - Do not use L<File::KDBX::XS> if true (default: false)
2221 * C<NO_FORK> - Do not fork if true (default: false)
2225 Some features (e.g. parsing) require 64-bit perl. It should be possible and actually pretty easy to make it
2226 work using L<Math::BigInt>, but I need to build a 32-bit perl in order to test it and frankly I'm still
2227 figuring out how. I'm sure it's simple so I'll mark this one "TODO", but for now an exception will be thrown
2228 when trying to use such features with undersized IVs.
2232 L<File::KeePass> is a much older alternative. It's good but has a backlog of bugs and lacks support for newer
2249 =attr deleted_objects
2253 $value = $kdbx->$attr;
2254 $kdbx->$attr($value);
2256 Get and set attributes.