Files
keepassgo/docs/kdbx-compatibility.md
T
2026-03-29 11:23:54 -07:00

1.4 KiB

KDBX Security Compatibility

KeePassGO supports the following KDBX security workflows today:

  • open and save password-only vaults
  • open and save key-file-only vaults
  • open and save composite password-plus-key-file vaults
  • select the active master-key mode in the product UI for create, open, and unlock flows
  • change an existing session to a new master-key mode before saving
  • preserve the original opened vault's KDBX format version during save
  • preserve the original opened vault's cipher selection during save
  • preserve the original opened vault's KDF selection during save

What "preserve" means:

  • if a vault is opened through a managed session and then saved, KeePassGO reuses the opened vault's KDBX header configuration instead of replacing it with default header settings
  • this applies to local and WebDAV-backed vault sessions

Current explicit limitations:

  • KeePassGO does not yet provide a UI for editing cipher or KDF parameters directly
  • new vault creation still uses the library default KDBX header settings for freshly created databases
  • unsupported or unknown header fields outside the preserved header structures are not guaranteed to round-trip if they are not represented by the underlying library

Practical expectation:

  • existing KeePass/KeePass2Android-compatible vaults keep their major format, cipher, and KDF family when edited and saved through KeePassGO
  • KeePassGO does not yet try to be a full advanced database-settings editor