One of the things I love most about the Internet is the great diversity of websites and services available at our fingertips. But with these websites and services comes the need for authentication. Passwords. And IDs. And with each website, we need to remember the site’s URL, the ID we used, and the password we assigned it. That’s a LOT of information. So, it’s helpful to have software to keep track of it all.
I use an open source program called KeePassX. It’s available for Mac, Linux and Windows. But it’s a desktop application, rather than a website; and that becomes a problem as I move between my work computer, and my home machine. I have two copies of KeePassX, and, inevitably, they become out of sync.
Yesterday I spent quite some time merging the two databases, and I’m documenting it here for the next time I may need it, and for others who may run into the same issue.
First step, export both databases to XML. We’ll call them db1.xml and db2.xml. Copy or move these files to the same directory.
Next, make sure you have Python 2.5 or better installed on your system. I’m running OSX, and have Python 2.7. Here’s one instructional post on installing Python on OSX; you may want to find others using your favourite search engine. You’ll also need to find others if you’re using Windows or Linux.
The reason you want Python on your system is that we have a Python script which performs the merge of the two XML databases. I found this script on the KeePassX forums. Copy this script into the same directory as the db1.xml and db2.xml files. Name it whatever you want; I used kpmerger.py.
The script requires three parameters: the first two are the XML databases to be merged; and the third is the destination, or merged, database. It too will be an XML file. So I used this command:
python kpmerger.py db1.xml db2.xml db3.xml
At first I ran into some issues, which boiled down to malformed XML. It turns out the XML export doesn’t take into account the data we put in the database. For instance, it may not be UTF-8 compatible. So I had to mess around a little with a few of the entries in the source XML files. But once that was straightened out, the script printed notices for each change it performed, and ended.
My db3.xml file was now in the directory with the other two XML files.
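A pre-check for the malformed-XML problem described above, as an added example (it is not part of the forum merge script): it reports where an export contains bytes that are not valid UTF-8, characters that XML 1.0 forbids, or markup that fails to parse, and it prints positions only, so no password text reaches the screen. It is written for Python 3; the function name check_export and the sample data are constructed for illustration.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Characters XML 1.0 forbids even when the bytes are valid UTF-8:
# C0 controls other than tab, LF and CR, plus U+FFFE and U+FFFF.
ILLEGAL_XML = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\ufffe\uffff]")

# Constructed sample: a Latin-1 byte on line 2, a vertical tab on line 3.
SAMPLE = (
    b"<database>\n<entry><title>caf\xe9</title>\n"
    b"<password>x\x0by</password></entry>\n</database>\n"
)


def check_export(data):
    """Return a list of (line, column, problem) for an XML export.

    Only positions and code points are reported, never entry text, so the
    result can be shown on screen without exposing passwords.
    """
    problems = []
    # Splitting on LF is safe: no multi-byte UTF-8 sequence contains 0x0A.
    for lineno, raw in enumerate(data.split(b"\n"), start=1):
        try:
            text = raw.decode("utf-8")
        except UnicodeDecodeError as err:
            # Column is a byte offset; only the first bad byte per line is listed.
            problems.append((lineno, err.start + 1,
                             "invalid UTF-8 byte 0x%02x" % raw[err.start]))
            continue
        for m in ILLEGAL_XML.finditer(text):
            problems.append((lineno, m.start() + 1,
                             "illegal XML character U+%04X" % ord(m.group())))
    if not problems:
        # The bytes are clean; let a real parser check the markup itself
        # (catches an unescaped & or < inside a password or comment).
        try:
            ET.fromstring(data)
        except ET.ParseError as err:
            line, col = err.position
            problems.append((line, col + 1, "not well-formed"))
    return problems


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for line, col, what in check_export(data):
        print("line %d, col %d: %s" % (line, col, what))
```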
The next step was to import the merged XML file into KeePassX, and test that the data was as expected.
(Remember to erase your XML files, because they list your passwords in cleartext. If you’ve a mind to, perhaps even scrub the disk. This means overwriting the section of disk where the files were written. If you know how to do that, please share how in the comments.)
There was one more step. The latest version of KeePassX is currently 2.0.2. I’d been using 0.3.1 (from 2008), which was also very much out of date for the older version of the program. The latest version for KeePassX 1 is 0.4.4.
The conversion to KeePassX 2 is very easy: open the new KeePassX 2 program, and click the Database | Import KeePassX 1 database menu item, then follow the instructions.
If you’re running KeePassX 2, there is a built-in synchronization facility described here.
I should also mention there are online services which perform similar work to KeePassX. In the past I’ve used LastPass. My boss at Tucows favoured 1Password. Others have used RoboForm. This is not an exhaustive list.
I used KeePass as well and had similar issues. I prefer not to use an online service other than standard tools on my own servers, so I eventually switched to “password-store” or just “pass”, with the qtpass front end on my Windows machines.
It uses gpg for storage, can use hardware keys, and can use git for sync. Since git uses ssh and ssh can use gpg keys, you can use one hardware key for all of it. Very, very secure and easy. So easy, I got my wife using it as well, and all her stuff is now in sync and backed up too.
Cool. Have to look into this. Though at this point, I have so much in KeePassX I’d have to find a conversion tool. Or write one.