[PATCH] keepassx2pass: Extract binary attachments

Michael Kesper mkesper at sysfive.com
Mon Apr 8 11:31:03 CEST 2019


In keepassx, it's possible to store one binary attachment per entry.
In XML export, these are included as base64-encoded text.
This patch will export these binaries as binary content into pass.
Files will be saved as <path_to/entry>_<name of attachment>.gpg, e.g.
for an attachment "order_2019-04-08.pdf" in entry "Orders/order001" it will be
"Orders/order001_order_2019-04-08.pdf.gpg".
The files can be decrypted directly with gpg --decrypt-files.
---
 contrib/importers/keepassx2pass.py | 35 ++++++++++++++++++++++++------
 1 file changed, 28 insertions(+), 7 deletions(-)

diff --git a/contrib/importers/keepassx2pass.py b/contrib/importers/keepassx2pass.py
index 197375f..9daac91 100755
--- a/contrib/importers/keepassx2pass.py
+++ b/contrib/importers/keepassx2pass.py
@@ -1,10 +1,12 @@
 #!/usr/bin/env python3
 #
 # Copyright (C) 2012 Juhamatti Niemelä <iiska at iki.fi>. All Rights Reserved.
+# Copyright © 2019 Michael Kesper <mkesper at sysfive.com>.
 # This file is licensed under the GPLv2+. Please see COPYING for more information.
 #
 # Usage ./keepassx2pass.py export.xml
 
+import base64
 import sys
 import re
 
@@ -43,9 +45,11 @@ def path_for(element, path=''):
 
 def password_data(element):
     """ Return password data and additional info if available from
-    password entry element. """
+    password entry element.
+    Extract any base64-encoded attachment.
+    """
     passwd = element.find('password').text
-    ret = (passwd + "\n") if passwd else "\n"
+    ret = (passwd + "\n") if passwd is not None else "\n"
     for field in ['username', 'url', 'comment']:
         fel = element.find(field)
         children = [(e.text or '') + (e.tail or '') for e in list(fel)]
@@ -54,17 +58,34 @@ def password_data(element):
         text = (fel.text or '') + "\n".join(children)
         if len(text) > 0:
             ret = "%s%s: %s\n" % (ret, fel.tag, text)
-    return ret
+    attachment = element.find('bin')
+    attachment_name = element.find('bindesc')
+    if attachment is not None:
+        attachment = base64.b64decode(attachment.text)
+        attachment_name = attachment_name.text
+    return ret, attachment_name, attachment
+
 
 def import_entry(element, path=''):
     """ Import new password entry to password-store using pass insert
-    command """
-    print("Importing " + path_for(element, path))
+    command, exctract attachment if any.
+    """
+    path_name = path_for(element, path)
+    print("Importing {}".format(path_name))
+    pass_text, attachment_name, attachment = password_data(element)
     proc = Popen(['pass', 'insert', '--multiline', '--force',
-                  path_for(element, path)],
+                  path_name],
                   stdin=PIPE, stdout=PIPE)
-    proc.communicate(password_data(element).encode())
+    proc.communicate(pass_text.encode())
     proc.wait()
+    if attachment is not None:
+        print("Extracting binary data: {}".format(attachment_name))
+        proc = Popen(['pass', 'insert', '--multiline', '--force',
+                      '{}_{}'.format(path_name, attachment_name)],
+                      stdin=PIPE, stdout=PIPE)
+        proc.communicate(attachment)
+        proc.wait()
+
 
 def import_group(element, path=''):
     """ Import all entries and sub-groups from given group """
-- 
2.20.1


-- 
Michael Kesper
Consultant

sysfive.com GmbH
Schanzenstraße 30
D-51063 Köln

Fax: +49-40-228-668-210
Mobil: +49-1511-5507-448

Geschäftsfuehrender Gesellschafter: Gregor Binder | Amtsgericht
Hamburg: HRB 75948 | USt.ID.: DE209657974

Die Informationen in dieser E-Mail sind vertraulich und nur für den
oben angegebenen Adressatenkreis bestimmt.
Wir weisen darauf hin, dass jede Form der Veröffentlichung,
Vervielfältigung sowie Weitergabe des Inhalts untersagt ist.

The information contained in this E-Mail is confidental and intended
only for the use of the individual or entity named above.
You are hereby notified that any dissemination, distribution or copying
of this E-Mail is strictly prohibited.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20190408/e42da284/attachment.asc>


More information about the Password-Store mailing list