Tag Archives: javascript

KeeFox 0.4 source code released

The latest version of KeeFox (0.4)  is now ready. The source code is now contained within a public subversion (SVN) code repository at https://keefox.svn.sourceforge.net/svnroot/keefox/

You could start by downloading the binary version (Windows only). I can’t promise it will work and I’m sure it’s not necessary for me to suggest early and regular backups of any important data on your machine so I won’t. It is in the form of a Firefox add-on but please only install it on a development Firefox user profile because it’s not been tested alongside many other add-ons and data loss is a possibility. I have done limited testing as an administrator on a 32bit Win XP machine with .NET, KeePass 2.06 and Firefox 3.0.5 already installed. I recommend reading the information on this KeeFox project page first. Please let me know if you do try it out and say how successful it was and what environment you were working in.

There were two main groups of tasks I wanted to finish by version 0.4: an installation process via a firefox add-on and a very basic UI to allow passwords to be saved and filled in. These have been pretty much finished although there are a number of little tweaks still to be made and there will no doubt be gradual improvements to both of these aspects for many months to come.

There are a number of main tasks I want to get finished before the release of 0.5:

  1. Handle multiple KeePass databases (or at the very least, don’t crash in their presence!)
  2. Develop the UI far enough that using and saving passwords is pretty intuitive
  3. Create an options panel to allow the user to manage some configurable add-on options
  4. Create a UI for the user to choose to load a site and auto-login (in the form of a drop down menu)
  5. Extend (4) to integrate with the user’s bookmarks (and history) probably via a customised firefox places view with annotations

The last three tasks can be separated from the other parts of the code easily enough so I think that they are ideal candidates for other people to help with. They will be written using mainly javascript and XUL, with CSS being required at a later date too (although this can be added by me or someone else if you prefer). If you’re interested in knowing more about what’s involved, leave a comment below or contact me.

I’m not updating the road-map for this release because I feel that the above list is more useful in the short term; in the long term I’m aiming to start using a public task tracker for version 0.6 onwards. The rough ideas in the road-map still apply, although I think it’s unlikely I’ll catch up the extra month it took to reach the 0.4 stage so it may be more realistic to expect a final release in late summer 2009. Of course, if I get a lot of help, this could be brought forward a bit!

If I get no offers of help for the three items mentioned above by the end of January 2009, I’ll start work on them myself and I roughly estimate that 0.5 would be released in mid-March. If others can help out then it could happen around a month earlier.

The version 0.4 code may be useful for:

  • developers that are keen to learn more about how KeeFox will be architected
  • developers that would like to help develop KeeFox, maybe through one of the tasks described above

Developers that are interested in seeing how a Firefox C++ XPCOM extension can be built using Visual Studio 2008, have a particular interest in seeing an ICE IPC example or are looking for ideas about how to integrate third party software with Firefox could also find it useful although version 0.2 may be a better place to start since it is less specific to the eventual aims of this project.

Compilation requirements and guidelines are on the sourceforge KeeFox project site

KeeFox 0.2 source code released

KeeFox 0.2 has been released.

I was just about to get stuck into writing the actual code that will handle reading and writing passwords from KeePass to/from Firefox but thought it might be a good time to take a new source code snapshot and call it version 0.2 so the code is now available from the KeeFox sourceforge project website

I’ve also updated the roadmap at KeeFox task list

There’s still nothing much to look at from an end-user perspective and I’ve now abandoned the idea of integrating directly with the existing Firefox 3 login manager becuase it is not completely suitable (see Who will implement nsILoginManagerStorage? for a more in depth reason).

I think I’ve identified a pretty workable installation process which should get new users up and running with minimal fuss – I’ve done enough work on this so I can be confident it will work but there are still a few missing links that I will fill in over the coming months.

As with 0.1, I’ve not really tested the compiled application at all so I would recommend restricting yourself to just reading the source code (and maybe attempting a compilation) for a little while longer.

The code may be useful for:

  • developers that are keen to learn more about how KeeFox will be architected
  • developers that would like to help understand KeeFox in order to help me get it on the road to a beta release early next year
  • developers that are interested in seeing how a Firefox C++ XPCOM extension can be built using Visual Studio 2008
  • developers with a particular interest in an ICE IPC example
  • developers looking for ideas about how to integrate third party software with Firefox

Compilation requirements and guidelines are on the sourceforge KeeFox project site

KeeFox task list


Please see http://sourceforge.net/apps/trac/keefox/report/3 for an up to date task list.

All dates are just an early estimation and I won’t be making any effort to treat them as deadlines but I hope they are vaguely realistic. Task assignments to particular versions are just a prediction of where I currently think a feature could fit into the project development timeline but again, it’s all subject to change as the project develops.

ongoing tasks

  • Review of code to reduce memory leaks and improve performance
  • Development of thorough self-test routines
  • Locale development (translation of user interface to other languages)
  • Peer-review of code to highlight security issues
  • icon. fox + padlock? copyright issues if too similar to firefox or KP?

0.1 [August W4]

  • FF LoginManagerStorage implementation (maybe missing some parts like entry deletion or http realm logins) [2008-10-05: done then cancelled]
  • prompt for DB open as required [2008-10-05: done]

0.2 [September W3]

  • handle keepass start and close events in FF (how to tell difference between KP not running and not-installed? ICE runtimes?) [2008-10-05: partially done]
  • complete LoginManagerStorage impl. if required (what happens with “clear passwords” integration?!, etc.) [2008-10-05: cancelled]

0.3 [October W3]

  • Improved LoginManager (ILM) [2008-10-05: moved from 0.4]
  • ILM: replicate built in login manager (extend existing JS code) [2008-10-05: moved from 0.4]
  • ILM: handle disabling/enabling built in login manager – options + (un)install [2008-10-05: moved from 0.4]

0.4 [November W4]

  • Allow choice between standard and ILM? [2008-10-05: cancelled]
  • Make sure passwords don’t get corrupt when swapping between LMs [2008-10-05: cancelled]
  • Clean LM swaps (data migrations if necessary) [2008-10-05: cancelled]
  • match multiple domains for one KP entry (e.g. hotmail, live.com)
  • Cleanly manage “new user” experience in terms of downloading keepass and setting up new database [2008-10-05: partialy done; moved from 0.3]
  • Deal with non-installed pre-requisites (e.g. KeePass v2) [2008-10-05: partially done; moved from 0.3]
  • Package/release system (XPI?) [2008-10-05: planned and mostly done; moved from 0.3]
  • test binary / installation process on seperate machine

0.5 [December W4]

  • XUL locale support [2008-10-05: moved from 0.3]
  • FF based options control system
  • configurable default database and group
  • Folders/groups – probably through integration with KP Groups and Firefox places (FFP)
  • FFP: tie places URL to KP URL
  • FFP: custom places view? used to render a “quick login” drop down menu system
  • publish first binary version

0.6-0.7 [January/February]

  • integration with some other plugins. e.g. Nexus’s Firefox to KeePass
  • FFP: integrate with location bar drop down list, history and bookmarks folder (option to log in straight from there)
  • FFP: options to show/hide links without logins in main drop down system
  • configurable custom-data location
  • ILM: support for deleting passwords, etc.
  • ILM: auto-submit
  • ILM: modal box option [2008-10-05: may not be done before version 1.0]
  • ILM: in-page pop-over login option
  • ILM: default auto-submit selection, with hot-key over-ride
  • (beta 1?)

0.8 – 1.0 [March – July 2009]

  • ILM: allow option to not require master password for everything [2008-10-05: moved from 0.4; may not be done before version 1.0]
  • ILM: Support for custom fields (e.g. radio buttons, checkboxes, PIN numbers, etc.)
  • Save after first registration functionality (ILM only?)
  • track how many times logins used (FFP: show popular sites, order by frequency, hide infrequently used etc.)
  • User-identified “essential improvements”
  • thorough bug testing
  • user documentation
  • user help,tooltips,wizzards,etc.
  • notices, etc. in appropriate places in main firefox UI so user knows KeePass is storing passwords
  • (beta 2, RCs?)


  • Identities (inc. openID?)
  • KeePass v1 support

Maybe TODO

  • Force KeeICE to only communicate with KeeFox
  • SSL encrypt ICE communication channel (store private key in KP DB?)
  • OpenID: Haven’t given this enough thought but maybe some integration of openID features could be good.

KeeFox technical introduction

This article will give an overview of the requirements and technologies used at this early stage of KeeFox development.

System requirements

  • KeePass 2
  • .NET 2
  • Firefox 3
  • Windows XP

All above could potentially be expanded in the future but this will depend on available time and demand (e.g. will anyone even be using Firefox 2 by the time the version for Firefox 3 is stable?). I’m particularly keen to get KeeFox working on Linux and Mac systems but until KeePass 2 is stable on those platforms or we can find a way to make KeePass version 1 play along, it won’t really be that practical – all offers of help are gratefully received.

Key technologies used

  • C#
  • C++
  • ICE
  • Javascript
  • XUL

Rough chain of events for an “average” use case

  1. XUL interface elements in firefox manipulated by user
  2. javascript event handlers call appropriate XPCOM functions in the C++ firefox add-on DLL
  3. which in turn calls proxy methods on shared data objects (defined in ICE’s IDL language)
  4. ICE DLL processes the function calls, does its magic and ends up calling the real methods (implemented in C#)
  5. these functions manipulate the active KP plugin instance (to read/write, prompt user for master password, etc.)

Background to KeeFox implementation technologies

If anyone has ever done anything like this before, they’ve either not put it online or managed to keep it beyond the eye of Google so I hope that as the project progresses I can expand on some of the technical challenges for the sake of anyone else that wants/needs to implement other software that uses these technologies. To start with, your best bet is to take a look at the source code which I will be posting online soon (e-mail me if you’re in a hurry) because the key issues have been largely solved in there already and it’s now “just” a matter of fleshing out all the detail (which would be mostly irrelevant to a different project anyway). Keep an eye out here for any new content I tag with keywords you’re interested in. RSS is your friend (although not your best friend – I’ve currently got no way to subscribe to individual tag updates).

I also toyed with .NET IPC channels and a mixture of managed and unmanaged C++ code in a rather complex configuration before settling on using ICE for the IPC. Part of the problem with the first approach was that Firefox won’t play along with any DLLs that make calls into the managed .NET application space. This meant I had to write a couple of extra layers and play with some rather complex managed/unmaged C++ wrappers in order to make it all work. I had it working for a while but the development (and performance?) overhead of multiple Marshalling steps was just too big so I scrapped that idea and went looking for some third party library to help (ICE).