Tag Archives: tomlinson

KeeFox 0.1 source code released

I’m pleased to announce that version 0.1 of KeeFox has now been released. The version number gives you a clue but just to be explicit, this is not suitable for end users and is probably not even suitable for any but the most intrigued developers.

This version demonstrates many of the functions and technologies that will be used as we develop the project further but it’s not much to look at yet.
It may be useful for:

  • developers that are keen to learn more about how KeeFox will be architected
  • developers that would like to help understand KeeFox in order to help me get it past version 0.1 and on the road to a beta release early next year.
  • developers that are interested in seeing how a Firefox C++ XPCOM extension can be built using Visual Studio 2008
  • developers with a particular interest in the Firefox 3 nsILoginManagerStorage interface
  • people who think attempting to compile visual studio projects is even more fun than eating cake

Compilation requirements and guidelines are on the sourceforge KeeFox project site

Who will implement nsILoginManagerStorage?

When I first saw that Firefox 3 would permit the implementation of custom storage mechanisms for the built in Firefox password manager I immediately thought of the possibility of integrating a KeePass database neatly into the Firefox user interface and therefore allowing a way for users to make use of the system they are already used to in Firefox while benefiting from the extra non-firefox features that KeePass offers.

It seems as though the authors of the interface had similar ideas:
“For example, if you wish to provide operating system integration with a native password manager system, implementing and registering a storage module for the Login Manager is how you do it.”

I’ve even had a good attempt at implementing this and made some good progress as can be seen in the imminent version 0.1 of the KeeFox source code. However, I have come across a few issues that have made me think about how feasible this is in the long run.

I’m particularly struggling to see how some of the interface definitions can be sensibly applied to a third party manager without crippling the existing functionality that the 3rd party manager offers. This is best explained through an example:

Take the removeAllLogins method. The key points are that any password manager implementing this method must delete all logins from its database without first requiring the user to authenticate with a master password. Notwithstanding the questionable benefit of this feature in the standard Firefox password manager I find it hard to see how any third party password manager would ever be written in such a way that permits this type of action.

Would a user have any hope of understanding that clicking “delete private data” in Firefox will lead to the destruction of their password database in a third party application or native operating system password manager system? This is just one example but I think it’s just one of many ways that the overall user experience could be reduced by the use of this interface for integrating existing password managers.

With that in mind it seems to me that the only option for integrating a separate password manager through this interface would involve disregarding the Mozilla specification which is likely to lead to further confusion for both developers and users. I can’t see how that could be a good idea.

So who might actually implement this interface to its official specification? I suppose that someone may wish to write an extension that stores firefox passwords in a different format or using a different encryption algorithm. Or maybe someone will find some compromises that are suitable for a particular use on an intranet and/or an internal proprietary password management system.

I do think it is an interface worth having and I can see that it will have its uses but my feeling is that it may not quite live up to the full ambitions stated in the official documentation without introducing significant compromises into other aspects of the user experience.

I think I may need to make an early change to my KeeFox plans in order to ensure that the extension provides an alternative to the standard firefox password manager as early as possible. Maybe I could still tell Firefox to send the standard password management requests KeeFox’s way but simply ignore them or tell the user to not use them now that they have installed KeeFox…

KeeFox task list


Please see http://sourceforge.net/apps/trac/keefox/report/3 for an up to date task list.

All dates are just an early estimation and I won’t be making any effort to treat them as deadlines but I hope they are vaguely realistic. Task assignments to particular versions are just a prediction of where I currently think a feature could fit into the project development timeline but again, it’s all subject to change as the project develops.

ongoing tasks

  • Review of code to reduce memory leaks and improve performance
  • Development of thorough self-test routines
  • Locale development (translation of user interface to other languages)
  • Peer-review of code to highlight security issues
  • icon. fox + padlock? copyright issues if too similar to firefox or KP?

0.1 [August W4]

  • FF LoginManagerStorage implementation (maybe missing some parts like entry deletion or http realm logins) [2008-10-05: done then cancelled]
  • prompt for DB open as required [2008-10-05: done]

0.2 [September W3]

  • handle keepass start and close events in FF (how to tell difference between KP not running and not-installed? ICE runtimes?) [2008-10-05: partially done]
  • complete LoginManagerStorage impl. if required (what happens with “clear passwords” integration?!, etc.) [2008-10-05: cancelled]

0.3 [October W3]

  • Improved LoginManager (ILM) [2008-10-05: moved from 0.4]
  • ILM: replicate built in login manager (extend existing JS code) [2008-10-05: moved from 0.4]
  • ILM: handle disabling/enabling built in login manager – options + (un)install [2008-10-05: moved from 0.4]

0.4 [November W4]

  • Allow choice between standard and ILM? [2008-10-05: cancelled]
  • Make sure passwords don’t get corrupt when swapping between LMs [2008-10-05: cancelled]
  • Clean LM swaps (data migrations if necessary) [2008-10-05: cancelled]
  • match multiple domains for one KP entry (e.g. hotmail, live.com)
  • Cleanly manage “new user” experience in terms of downloading keepass and setting up new database [2008-10-05: partialy done; moved from 0.3]
  • Deal with non-installed pre-requisites (e.g. KeePass v2) [2008-10-05: partially done; moved from 0.3]
  • Package/release system (XPI?) [2008-10-05: planned and mostly done; moved from 0.3]
  • test binary / installation process on seperate machine

0.5 [December W4]

  • XUL locale support [2008-10-05: moved from 0.3]
  • FF based options control system
  • configurable default database and group
  • Folders/groups – probably through integration with KP Groups and Firefox places (FFP)
  • FFP: tie places URL to KP URL
  • FFP: custom places view? used to render a “quick login” drop down menu system
  • publish first binary version

0.6-0.7 [January/February]

  • integration with some other plugins. e.g. Nexus’s Firefox to KeePass
  • FFP: integrate with location bar drop down list, history and bookmarks folder (option to log in straight from there)
  • FFP: options to show/hide links without logins in main drop down system
  • configurable custom-data location
  • ILM: support for deleting passwords, etc.
  • ILM: auto-submit
  • ILM: modal box option [2008-10-05: may not be done before version 1.0]
  • ILM: in-page pop-over login option
  • ILM: default auto-submit selection, with hot-key over-ride
  • (beta 1?)

0.8 – 1.0 [March – July 2009]

  • ILM: allow option to not require master password for everything [2008-10-05: moved from 0.4; may not be done before version 1.0]
  • ILM: Support for custom fields (e.g. radio buttons, checkboxes, PIN numbers, etc.)
  • Save after first registration functionality (ILM only?)
  • track how many times logins used (FFP: show popular sites, order by frequency, hide infrequently used etc.)
  • User-identified “essential improvements”
  • thorough bug testing
  • user documentation
  • user help,tooltips,wizzards,etc.
  • notices, etc. in appropriate places in main firefox UI so user knows KeePass is storing passwords
  • (beta 2, RCs?)


  • Identities (inc. openID?)
  • KeePass v1 support

Maybe TODO

  • Force KeeICE to only communicate with KeeFox
  • SSL encrypt ICE communication channel (store private key in KP DB?)
  • OpenID: Haven’t given this enough thought but maybe some integration of openID features could be good.

KeeFox technical introduction

This article will give an overview of the requirements and technologies used at this early stage of KeeFox development.

System requirements

  • KeePass 2
  • .NET 2
  • Firefox 3
  • Windows XP

All above could potentially be expanded in the future but this will depend on available time and demand (e.g. will anyone even be using Firefox 2 by the time the version for Firefox 3 is stable?). I’m particularly keen to get KeeFox working on Linux and Mac systems but until KeePass 2 is stable on those platforms or we can find a way to make KeePass version 1 play along, it won’t really be that practical – all offers of help are gratefully received.

Key technologies used

  • C#
  • C++
  • ICE
  • Javascript
  • XUL

Rough chain of events for an “average” use case

  1. XUL interface elements in firefox manipulated by user
  2. javascript event handlers call appropriate XPCOM functions in the C++ firefox add-on DLL
  3. which in turn calls proxy methods on shared data objects (defined in ICE’s IDL language)
  4. ICE DLL processes the function calls, does its magic and ends up calling the real methods (implemented in C#)
  5. these functions manipulate the active KP plugin instance (to read/write, prompt user for master password, etc.)

Background to KeeFox implementation technologies

If anyone has ever done anything like this before, they’ve either not put it online or managed to keep it beyond the eye of Google so I hope that as the project progresses I can expand on some of the technical challenges for the sake of anyone else that wants/needs to implement other software that uses these technologies. To start with, your best bet is to take a look at the source code which I will be posting online soon (e-mail me if you’re in a hurry) because the key issues have been largely solved in there already and it’s now “just” a matter of fleshing out all the detail (which would be mostly irrelevant to a different project anyway). Keep an eye out here for any new content I tag with keywords you’re interested in. RSS is your friend (although not your best friend – I’ve currently got no way to subscribe to individual tag updates).

I also toyed with .NET IPC channels and a mixture of managed and unmanaged C++ code in a rather complex configuration before settling on using ICE for the IPC. Part of the problem with the first approach was that Firefox won’t play along with any DLLs that make calls into the managed .NET application space. This meant I had to write a couple of extra layers and play with some rather complex managed/unmaged C++ wrappers in order to make it all work. I had it working for a while but the development (and performance?) overhead of multiple Marshalling steps was just too big so I scrapped that idea and went looking for some third party library to help (ICE).