Add configurable vault security settings

This commit is contained in:
Joe Julian
2026-03-30 07:58:27 -07:00
parent 84f39b99de
commit b2c26622e8
11 changed files with 458 additions and 47 deletions
+6 -3
View File
@@ -10,6 +10,9 @@ KeePassGO supports the following KDBX security workflows today:
- preserve the original opened vault's KDBX format version during save
- preserve the original opened vault's cipher selection during save
- preserve the original opened vault's KDF selection during save
- choose the cipher family for new vault creation
- choose the KDF family for new vault creation
- change the cipher family and KDF family for an existing unlocked session before the next save
What "preserve" means:
@@ -18,11 +21,11 @@ What "preserve" means:
Current explicit limitations:
- KeePassGO does not yet provide a UI for editing cipher or KDF parameters directly
- new vault creation still uses the library default KDBX header settings for freshly created databases
- KeePassGO currently exposes major cipher/KDF family choices, not every low-level tuning parameter from KeePass
- advanced KDF tuning such as custom Argon2 memory/parallelism and AES-KDF round-count editing is not yet a product-facing control
- unsupported or unknown header fields outside the preserved header structures are not guaranteed to round-trip if they are not represented by the underlying library
Practical expectation:
- existing KeePass/KeePass2Android-compatible vaults keep their major format, cipher, and KDF family when edited and saved through KeePassGO
- KeePassGO does not yet try to be a full advanced database-settings editor
- KeePassGO now lets a user select the major cipher/KDF family, while still avoiding a full low-level database-header editor