Widen scope of Edit Encrypted Key File tool

As of this commit, the Edit Ecnrypted Key File tool is available if the current database was unlocked using a plaintext or encrypted key file. Previously an encrypted key file was required.
episource · Feb 25, 2020 · 10f7e88 · 10f7e88
1 parent 45238ce
commit 10f7e88
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 15 deletions.
diff --git a/.idea/.idea.KeePass-SmartcardEncryptedKeyFile/.idea/indexLayout.xml b/.idea/.idea.KeePass-SmartcardEncryptedKeyFile/.idea/indexLayout.xml
diff --git a/EpiSource.KeePass.Ekf/KeyProvider/SmartcardEncryptedKeyProvider.cs b/EpiSource.KeePass.Ekf/KeyProvider/SmartcardEncryptedKeyProvider.cs
@@ -13,6 +13,7 @@
 
 using EpiSource.Unblocker.Hosting;
 
+using KeePass.Forms;
 using KeePass.Plugins;
 
 using KeePassLib.Keys;
@@ -39,8 +40,10 @@ public SmartcardEncryptedKeyProvider(IPluginHost pluginHost) {
             editMenu.Click += (sender, args) => this.EditEkf();
             this.pluginHost.MainWindow.ToolsMenu.DropDownItems.Add(editMenu);
 
-            this.pluginHost.MainWindow.FileOpened += (sender, args) => editMenu.Enabled = this.CanEditEkf();
-            this.pluginHost.MainWindow.FileClosed += (sender, args) => editMenu.Enabled = this.CanEditEkf();
+            Action updateEditEkfMenuItem = 
+                () => editMenu.Enabled = EditEncryptedKeyFileDialog.CanAskForSettings(this.GetActiveEkfKey());
+            this.pluginHost.MainWindow.FileOpened += (sender, args) => updateEditEkfMenuItem();
+            this.pluginHost.MainWindow.FileClosed += (sender, args) => updateEditEkfMenuItem();
         }
 
         public override byte[] GetKey(KeyProviderQueryContext ctx) {
@@ -85,7 +88,11 @@ public override bool DirectKey {
         }
 
         private void EditEkf() {
-            if (this.CanEditEkf()) {
+            var activeKey = this.GetActiveEkfKey();
+
+            // treat missing EKF as empty EKF
+            // permit edit as long as key (file) data is available
+            if (EditEncryptedKeyFileDialog.CanAskForSettings(activeKey)) {
                 var encryptionRequest = EditEncryptedKeyFileDialog.AskForSettings(
                     this.pluginHost.Database.IOConnectionInfo, this.GetActiveEkfKey());
                 if (encryptionRequest != null) {
@@ -94,14 +101,9 @@ private void EditEkf() {
             }
         }
 
-
-        private bool CanEditEkf() {
-            return this.pluginHost.Database.HasEncryptedKeyFile() && this.GetActiveEkfKey() != null;
-        }
-
         private IUserKey GetActiveEkfKey() {
             var db = this.pluginHost.Database;
-            if (db == null) {
+            if (db == null || db.MasterKey == null) {
                 return null;
             }
 

diff --git a/EpiSource.KeePass.Ekf/UI/EditEncryptedKeyFileDialog.cs b/EpiSource.KeePass.Ekf/UI/EditEncryptedKeyFileDialog.cs
@@ -65,17 +65,18 @@ public static KeyEncryptionRequest AskForSettings(IOConnectionInfo dbPath, IUser
             if (keyFile == null) {
                 throw new ArgumentNullException("keyFile");
             }
-            if (!(keyFile is KcpKeyFile)) {
-                var customKey = keyFile as KcpCustomKey;
-                if (customKey == null || customKey.Name != SmartcardEncryptedKeyProvider.ProviderName) {
-                    throw new ArgumentException(@"Unsupported existing key type", "keyFile"); 
-                }
+            if (!CanAskForSettings(keyFile)) { 
+                throw new ArgumentException(@"Unsupported key type.", "keyFile"); 
             }
 
             var dialog = new EditEncryptedKeyFileDialog(dbPath, keyFile, new DefaultKeyPairProvider(dbPath), false);
             return dialog.ShowDialogAndGenerateEncryptionRequest();
         }
 
+        public static bool CanAskForSettings(IUserKey keyFile) {
+            return keyFile is KcpKeyFile || keyFile is KcpCustomKey && ((KcpCustomKey) keyFile).Name == SmartcardEncryptedKeyProvider.ProviderName;
+        }
+
         private void ExportKey() {
             if (this.nextKey == null) {
                 return;

diff --git a/README.md b/README.md
@@ -50,6 +50,8 @@ Nothing special here, doesn't require the plugin to be installed at all:
 5. [Confirm](#unlock-database-using-backup-key-file) that the exported backup key file can be used to unlock the database.
 
 ## Add encrypted key file to existing database
+Note: If the current database already uses a plaintext key file in addition to the master password, it is also possible to proceed as described in section [change authorization](#change-authorization). Using the `Change Master Key` dialog as described below will always work.
+
 1. Open `Change Master Key...` dialog from `File` menu
 <br/>![Add encrypted key file to existing database: Create Composite Master Key](./doc/new-database_create-master-key.png)
 2. Activate `Show expert options` and select at least `Key file / provider` and choose `Smartcard Encrypted Key File Provider`
@@ -64,7 +66,7 @@ Nothing special here, doesn't require the plugin to be installed at all:
  5. [Confirm](#unlock-database-using-backup-key-file) that the exported backup key file or the previously used key file can be used to unlock the database.
 
 ## Change authorization
-1. Open and unlock a database with accompanying encrypted key file
+1. Open and unlock a database using an encrypted or plaintext key file
 2. Within `Tools` menu select `Edit Encrypted Key File`. A dialog like below shows up:
 <br/>![Change authorization: EKF editor](./doc/change-authorization_edit-ekf.png)
    1. All currently authorized smartcards are preselected.