Tag Archives: keefox

KeeFox 0.4 source code released

The latest version of KeeFox (0.4)  is now ready. The source code is now contained within a public subversion (SVN) code repository at https://keefox.svn.sourceforge.net/svnroot/keefox/

You could start by downloading the binary version (Windows only). I can’t promise it will work and I’m sure it’s not necessary for me to suggest early and regular backups of any important data on your machine so I won’t. It is in the form of a Firefox add-on but please only install it on a development Firefox user profile because it’s not been tested alongside many other add-ons and data loss is a possibility. I have done limited testing as an administrator on a 32bit Win XP machine with .NET, KeePass 2.06 and Firefox 3.0.5 already installed. I recommend reading the information on this KeeFox project page first. Please let me know if you do try it out and say how successful it was and what environment you were working in.

There were two main groups of tasks I wanted to finish by version 0.4: an installation process via a firefox add-on and a very basic UI to allow passwords to be saved and filled in. These have been pretty much finished although there are a number of little tweaks still to be made and there will no doubt be gradual improvements to both of these aspects for many months to come.

There are a number of main tasks I want to get finished before the release of 0.5:

  1. Handle multiple KeePass databases (or at the very least, don’t crash in their presence!)
  2. Develop the UI far enough that using and saving passwords is pretty intuitive
  3. Create an options panel to allow the user to manage some configurable add-on options
  4. Create a UI for the user to choose to load a site and auto-login (in the form of a drop down menu)
  5. Extend (4) to integrate with the user’s bookmarks (and history) probably via a customised firefox places view with annotations

The last three tasks can be separated from the other parts of the code easily enough so I think that they are ideal candidates for other people to help with. They will be written using mainly javascript and XUL, with CSS being required at a later date too (although this can be added by me or someone else if you prefer). If you’re interested in knowing more about what’s involved, leave a comment below or contact me.

I’m not updating the road-map for this release because I feel that the above list is more useful in the short term; in the long term I’m aiming to start using a public task tracker for version 0.6 onwards. The rough ideas in the road-map still apply, although I think it’s unlikely I’ll catch up the extra month it took to reach the 0.4 stage so it may be more realistic to expect a final release in late summer 2009. Of course, if I get a lot of help, this could be brought forward a bit!

If I get no offers of help for the three items mentioned above by the end of January 2009, I’ll start work on them myself and I roughly estimate that 0.5 would be released in mid-March. If others can help out then it could happen around a month earlier.

The version 0.4 code may be useful for:

  • developers that are keen to learn more about how KeeFox will be architected
  • developers that would like to help develop KeeFox, maybe through one of the tasks described above

Developers that are interested in seeing how a Firefox C++ XPCOM extension can be built using Visual Studio 2008, have a particular interest in seeing an ICE IPC example or are looking for ideas about how to integrate third party software with Firefox could also find it useful although version 0.2 may be a better place to start since it is less specific to the eventual aims of this project.

Compilation requirements and guidelines are on the sourceforge KeeFox project site

KeeFox 0.2 source code released

KeeFox 0.2 has been released.

I was just about to get stuck into writing the actual code that will handle reading and writing passwords from KeePass to/from Firefox but thought it might be a good time to take a new source code snapshot and call it version 0.2 so the code is now available from the KeeFox sourceforge project website

I’ve also updated the roadmap at KeeFox task list

There’s still nothing much to look at from an end-user perspective and I’ve now abandoned the idea of integrating directly with the existing Firefox 3 login manager becuase it is not completely suitable (see Who will implement nsILoginManagerStorage? for a more in depth reason).

I think I’ve identified a pretty workable installation process which should get new users up and running with minimal fuss – I’ve done enough work on this so I can be confident it will work but there are still a few missing links that I will fill in over the coming months.

As with 0.1, I’ve not really tested the compiled application at all so I would recommend restricting yourself to just reading the source code (and maybe attempting a compilation) for a little while longer.

The code may be useful for:

  • developers that are keen to learn more about how KeeFox will be architected
  • developers that would like to help understand KeeFox in order to help me get it on the road to a beta release early next year
  • developers that are interested in seeing how a Firefox C++ XPCOM extension can be built using Visual Studio 2008
  • developers with a particular interest in an ICE IPC example
  • developers looking for ideas about how to integrate third party software with Firefox

Compilation requirements and guidelines are on the sourceforge KeeFox project site

KeeFox 0.1 source code released

I’m pleased to announce that version 0.1 of KeeFox has now been released. The version number gives you a clue but just to be explicit, this is not suitable for end users and is probably not even suitable for any but the most intrigued developers.

This version demonstrates many of the functions and technologies that will be used as we develop the project further but it’s not much to look at yet.
It may be useful for:

  • developers that are keen to learn more about how KeeFox will be architected
  • developers that would like to help understand KeeFox in order to help me get it past version 0.1 and on the road to a beta release early next year.
  • developers that are interested in seeing how a Firefox C++ XPCOM extension can be built using Visual Studio 2008
  • developers with a particular interest in the Firefox 3 nsILoginManagerStorage interface
  • people who think attempting to compile visual studio projects is even more fun than eating cake

Compilation requirements and guidelines are on the sourceforge KeeFox project site

Who will implement nsILoginManagerStorage?

When I first saw that Firefox 3 would permit the implementation of custom storage mechanisms for the built in Firefox password manager I immediately thought of the possibility of integrating a KeePass database neatly into the Firefox user interface and therefore allowing a way for users to make use of the system they are already used to in Firefox while benefiting from the extra non-firefox features that KeePass offers.

It seems as though the authors of the interface had similar ideas:
“For example, if you wish to provide operating system integration with a native password manager system, implementing and registering a storage module for the Login Manager is how you do it.”

I’ve even had a good attempt at implementing this and made some good progress as can be seen in the imminent version 0.1 of the KeeFox source code. However, I have come across a few issues that have made me think about how feasible this is in the long run.

I’m particularly struggling to see how some of the interface definitions can be sensibly applied to a third party manager without crippling the existing functionality that the 3rd party manager offers. This is best explained through an example:

Take the removeAllLogins method. The key points are that any password manager implementing this method must delete all logins from its database without first requiring the user to authenticate with a master password. Notwithstanding the questionable benefit of this feature in the standard Firefox password manager I find it hard to see how any third party password manager would ever be written in such a way that permits this type of action.

Would a user have any hope of understanding that clicking “delete private data” in Firefox will lead to the destruction of their password database in a third party application or native operating system password manager system? This is just one example but I think it’s just one of many ways that the overall user experience could be reduced by the use of this interface for integrating existing password managers.

With that in mind it seems to me that the only option for integrating a separate password manager through this interface would involve disregarding the Mozilla specification which is likely to lead to further confusion for both developers and users. I can’t see how that could be a good idea.

So who might actually implement this interface to its official specification? I suppose that someone may wish to write an extension that stores firefox passwords in a different format or using a different encryption algorithm. Or maybe someone will find some compromises that are suitable for a particular use on an intranet and/or an internal proprietary password management system.

I do think it is an interface worth having and I can see that it will have its uses but my feeling is that it may not quite live up to the full ambitions stated in the official documentation without introducing significant compromises into other aspects of the user experience.

I think I may need to make an early change to my KeeFox plans in order to ensure that the extension provides an alternative to the standard firefox password manager as early as possible. Maybe I could still tell Firefox to send the standard password management requests KeeFox’s way but simply ignore them or tell the user to not use them now that they have installed KeeFox…

KeeFox task list


Please see http://sourceforge.net/apps/trac/keefox/report/3 for an up to date task list.

All dates are just an early estimation and I won’t be making any effort to treat them as deadlines but I hope they are vaguely realistic. Task assignments to particular versions are just a prediction of where I currently think a feature could fit into the project development timeline but again, it’s all subject to change as the project develops.

ongoing tasks

  • Review of code to reduce memory leaks and improve performance
  • Development of thorough self-test routines
  • Locale development (translation of user interface to other languages)
  • Peer-review of code to highlight security issues
  • icon. fox + padlock? copyright issues if too similar to firefox or KP?

0.1 [August W4]

  • FF LoginManagerStorage implementation (maybe missing some parts like entry deletion or http realm logins) [2008-10-05: done then cancelled]
  • prompt for DB open as required [2008-10-05: done]

0.2 [September W3]

  • handle keepass start and close events in FF (how to tell difference between KP not running and not-installed? ICE runtimes?) [2008-10-05: partially done]
  • complete LoginManagerStorage impl. if required (what happens with “clear passwords” integration?!, etc.) [2008-10-05: cancelled]

0.3 [October W3]

  • Improved LoginManager (ILM) [2008-10-05: moved from 0.4]
  • ILM: replicate built in login manager (extend existing JS code) [2008-10-05: moved from 0.4]
  • ILM: handle disabling/enabling built in login manager – options + (un)install [2008-10-05: moved from 0.4]

0.4 [November W4]

  • Allow choice between standard and ILM? [2008-10-05: cancelled]
  • Make sure passwords don’t get corrupt when swapping between LMs [2008-10-05: cancelled]
  • Clean LM swaps (data migrations if necessary) [2008-10-05: cancelled]
  • match multiple domains for one KP entry (e.g. hotmail, live.com)
  • Cleanly manage “new user” experience in terms of downloading keepass and setting up new database [2008-10-05: partialy done; moved from 0.3]
  • Deal with non-installed pre-requisites (e.g. KeePass v2) [2008-10-05: partially done; moved from 0.3]
  • Package/release system (XPI?) [2008-10-05: planned and mostly done; moved from 0.3]
  • test binary / installation process on seperate machine

0.5 [December W4]

  • XUL locale support [2008-10-05: moved from 0.3]
  • FF based options control system
  • configurable default database and group
  • Folders/groups – probably through integration with KP Groups and Firefox places (FFP)
  • FFP: tie places URL to KP URL
  • FFP: custom places view? used to render a “quick login” drop down menu system
  • publish first binary version

0.6-0.7 [January/February]

  • integration with some other plugins. e.g. Nexus’s Firefox to KeePass
  • FFP: integrate with location bar drop down list, history and bookmarks folder (option to log in straight from there)
  • FFP: options to show/hide links without logins in main drop down system
  • configurable custom-data location
  • ILM: support for deleting passwords, etc.
  • ILM: auto-submit
  • ILM: modal box option [2008-10-05: may not be done before version 1.0]
  • ILM: in-page pop-over login option
  • ILM: default auto-submit selection, with hot-key over-ride
  • (beta 1?)

0.8 – 1.0 [March – July 2009]

  • ILM: allow option to not require master password for everything [2008-10-05: moved from 0.4; may not be done before version 1.0]
  • ILM: Support for custom fields (e.g. radio buttons, checkboxes, PIN numbers, etc.)
  • Save after first registration functionality (ILM only?)
  • track how many times logins used (FFP: show popular sites, order by frequency, hide infrequently used etc.)
  • User-identified “essential improvements”
  • thorough bug testing
  • user documentation
  • user help,tooltips,wizzards,etc.
  • notices, etc. in appropriate places in main firefox UI so user knows KeePass is storing passwords
  • (beta 2, RCs?)


  • Identities (inc. openID?)
  • KeePass v1 support

Maybe TODO

  • Force KeeICE to only communicate with KeeFox
  • SSL encrypt ICE communication channel (store private key in KP DB?)
  • OpenID: Haven’t given this enough thought but maybe some integration of openID features could be good.