URL Cert KeyProvider Plugin
URLCertKeyProvider is a KeyProvider Plugin for KeePass and a further development of the MultiCertKeyProvider-Plugin.
URLCertKeyProvider allows KeePass to use an AES-Key, encrypted with the X509-Certificate (RSA) of a user, as a master key source. A description of this process can be found at the webpage for MultiCertKeyProvider.
The difference between the two Plugins is how they get the XML-Dataset containing the encrypted AES-Key. Whereas MultiCertKeyProvider reads a local keyfile containing multiple datasets, URLCertKeyProvider fetches only the needed XML-Dataset with the encrypted AES-Key from a webserver after a successful SSL-Authentication.
The components on the webserver are a PHP-Script and a keyfile created with KeyManagerRSA.
The process works like this:
1. The Plugin requests the PHP-Script from the webserver. For authentication against the webserver it uses the X509-Certificate chosen by the user.
2. The PHP-Script searches for an entry for the provided X509-Certificate within its local keyfile and sends the respective XML-Dataset back to the Plugin. This dataset contains the encrypted AES-Key that was found.
3. The Plugin decrypts the AES-Key with the private part of the X509-Certificate and returns it to KeePass.
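The server side of step 2, as an added example that is not the PHP-Script shipped with the plugin: it releases a dataset only when the TLS layer has verified the client certificate, and returns just the one matching entry. The Apache mod_ssl settings, the keyfile path, the keyfile layout (Keys/Key/EncryptedKey with a SHA-256 thumbprint attribute) and the function name find_dataset are assumptions; the real KeyManagerRSA format is not shown on this page.

```php
<?php
declare(strict_types=1);

// Added example, not the plugin's own script. Assumptions: Apache mod_ssl with
// "SSLVerifyClient require" and "SSLOptions +ExportCertData", and a
// hypothetical keyfile layout:
//   <Keys><Key thumbprint="SHA-256 hex"><EncryptedKey>base64</EncryptedKey></Key></Keys>
const KEYFILE = '/var/lib/urlcertkey/keys.xml'; // hypothetical path, outside the web root

// Return the single dataset belonging to the presented certificate, or null.
function find_dataset(string $keyfileXml, string $clientCertPem): ?string
{
    $fingerprint = openssl_x509_fingerprint($clientCertPem, 'sha256');
    $doc = simplexml_load_string($keyfileXml);
    if ($fingerprint === false || $doc === false) {
        return null;
    }
    foreach ($doc->Key as $key) {
        // Normalise the stored value (colons, spaces, upper case) before comparing.
        $stored = strtolower(str_replace([':', ' '], '', (string) $key['thumbprint']));
        if (hash_equals($stored, $fingerprint)) {
            return $key->asXML() ?: null; // only this entry leaves the server
        }
    }
    return null;
}

// Fail closed unless the TLS layer verified the client certificate.
$verified = ($_SERVER['SSL_CLIENT_VERIFY'] ?? '') === 'SUCCESS';
$certPem  = $_SERVER['SSL_CLIENT_CERT'] ?? '';
if (!$verified || $certPem === '') {
    http_response_code(403);
    exit;
}

$keyfileXml = @file_get_contents(KEYFILE);
$dataset = $keyfileXml === false ? null : find_dataset($keyfileXml, $certPem);
if ($dataset === null) {
    http_response_code(404); // no entry for this certificate
    exit;
}

header('Content-Type: application/xml');
header('Cache-Control: no-store'); // keep the encrypted key out of caches
echo $dataset;
```

The returned AES-Key is still encrypted to the certificate's public key, so the private key on the client remains the second gate after the TLS authentication.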
Requirements
- Windows operating system
- KeePass (Version 2.0.9 or above)
- X509-Certificate (with Usage DataEncipherment enabled)
- WebServer with PHP and SSL-Authentication
