KeePass Multi RSA-Cert KeyProvider

MultiCertKeyProvider is a KeyProvider Plugin for KeePass.

It allows KeePass to use an AES-Key, which is encrypted with the X509-Certificate (use RSA-Keys) of one or more users stored in a XML-File ([database].kmx), as a master key source.

After the selection of a X509-Certificate, it searchs the XML-File for the certificates subject, gets the respective, encrpyted AES-Key and decrypt it with the certificate. KeePass will use the returned decrypted AES-Key along with the other given credentials (like password, keyfile) for encrypting your passwords.

Each XML-Entry within the XML-File represents one with a X509-Certificate encrypted AES-Key. For maintaining the XML-Entries within the XML-File, containing the AES-Key encrpyted with one or more X509-Certificates, the application KeyManagerRSA could be used (see Menu).

Example for the file content (simplified):

<keys>
   <key>
      <subject>User 1 </subject>
      <key>AESKey_encrypted_with_X509-Certificate</key>
   </key>
   <key>
      <subject>User 1+n </subject>
      <key>AESKey_encrypted_with_X509-Certificate</key>
   </key>
</keys>

For more information about KeePass Security, please have a look at the KeePass Security Page.

• Windows Operatingsystem
• KeePass (Version 2.0.9 or above, Download)
• X509-Certificate (with Usage DataEncipherment enabled)

The latest and most recent version can be found here (source).

Version 0.1
 - initial Version

Version 0.2
 - Changing file-extension from *.xml to *.kmx