Add configurable vault security settings
This commit is contained in:
@@ -0,0 +1,48 @@
|
||||
# Accessibility Review
|
||||
|
||||
KeePassGO currently targets keyboard-first desktop use on Linux and Windows.
|
||||
|
||||
## What is intentionally supported
|
||||
|
||||
- Keyboard focus is explicit for:
|
||||
- vault search
|
||||
- breadcrumb navigation
|
||||
- entry list selection
|
||||
- detail/editor fields
|
||||
- Focus styling is visible and distinct from the unfocused field treatment.
|
||||
- Common keyboard workflows are covered in-repo by tests for:
|
||||
- tab navigation
|
||||
- list navigation
|
||||
- search focus
|
||||
- new-entry focus transitions
|
||||
- Controls that participate in keyboard navigation have intent-revealing accessibility labels through `accessibilityLabel` in [`ui_accessibility.go`](/home/jjulian/dev/go/src/git.julianfamily.org/keepassgo/ui_accessibility.go).
|
||||
|
||||
## Current screen-reader boundary
|
||||
|
||||
- Gio does not currently give KeePassGO a full native accessibility tree comparable to mature desktop UI toolkits.
|
||||
- KeePassGO therefore treats screen-reader support as:
|
||||
- label-conscious where the toolkit exposes focusable controls
|
||||
- limited where platform assistive APIs are not surfaced by Gio in the same way as native toolkit widgets
|
||||
- In practice, this means keyboard and focus behavior are first-class and tested, while spoken output quality still depends on Gio/platform limitations outside this repo.
|
||||
|
||||
## Current review result
|
||||
|
||||
- Linux:
|
||||
- keyboard/focus behavior is intentionally supported
|
||||
- visible focus states and control naming are present in code
|
||||
- full Orca-style semantic verification is not something this repo can assert automatically today
|
||||
- Windows:
|
||||
- the same keyboard/focus behavior and explicit labels are present in-app
|
||||
- full UI Automation parity cannot be claimed from inside this codebase without broader Gio support
|
||||
|
||||
## What KeePassGO should continue doing
|
||||
|
||||
- Keep every major workflow operable without a pointer device.
|
||||
- Add explicit labels for any new focusable control.
|
||||
- Preserve visible focus treatment for new form fields, buttons, and dialogs.
|
||||
- Prefer dialogs and panels that keep keyboard focus predictable.
|
||||
|
||||
## What remains toolkit-limited
|
||||
|
||||
- Rich screen-reader semantics beyond the control labeling and focus management done in this repository.
|
||||
- Native assistive-technology parity with toolkits that expose a fuller accessibility object model.
|
||||
@@ -10,6 +10,9 @@ KeePassGO supports the following KDBX security workflows today:
|
||||
- preserve the original opened vault's KDBX format version during save
|
||||
- preserve the original opened vault's cipher selection during save
|
||||
- preserve the original opened vault's KDF selection during save
|
||||
- choose the cipher family for new vault creation
|
||||
- choose the KDF family for new vault creation
|
||||
- change the cipher family and KDF family for an existing unlocked session before the next save
|
||||
|
||||
What "preserve" means:
|
||||
|
||||
@@ -18,11 +21,11 @@ What "preserve" means:
|
||||
|
||||
Current explicit limitations:
|
||||
|
||||
- KeePassGO does not yet provide a UI for editing cipher or KDF parameters directly
|
||||
- new vault creation still uses the library default KDBX header settings for freshly created databases
|
||||
- KeePassGO currently exposes major cipher/KDF family choices, not every low-level tuning parameter from KeePass
|
||||
- advanced KDF tuning such as custom Argon2 memory/parallelism and AES-KDF round-count editing is not yet a product-facing control
|
||||
- unsupported or unknown header fields outside the preserved header structures are not guaranteed to round-trip if they are not represented by the underlying library
|
||||
|
||||
Practical expectation:
|
||||
|
||||
- existing KeePass/KeePass2Android-compatible vaults keep their major format, cipher, and KDF family when edited and saved through KeePassGO
|
||||
- KeePassGO does not yet try to be a full advanced database-settings editor
|
||||
- KeePassGO now lets a user select the major cipher/KDF family, while still avoiding a full low-level database-header editor
|
||||
|
||||
Reference in New Issue
Block a user