File::KDBX::KDF - A key derivation function
version 0.906
A KDF (key derivation function) is used in the transformation of a master key (i.e. one or more component keys) to produce the final encryption key protecting a KDBX database. The File::KDBX distribution comes with several pre-registered KDFs ready to go:
C9D9F39A-628A-4460-BF74-0D08C18A4FEA - AES
C9D9F39A-628A-4460-BF74-0D08C18A4FEA
7C02BB82-79A7-4AC0-927D-114A00648238 - AES (challenge-response variant)
7C02BB82-79A7-4AC0-927D-114A00648238
EF636DDF-8C29-444B-91F7-A9A403E30A0C - Argon2d
EF636DDF-8C29-444B-91F7-A9A403E30A0C
9E298B19-56DB-4773-B23D-FC3EC6F0A1E6 - Argon2id
9E298B19-56DB-4773-B23D-FC3EC6F0A1E6
NOTE: If you want your KDBX file to be readable by other KeePass implementations, you must use a UUID and algorithm that they support. From the list above, all are well-supported except the AES challenge-response variant which is kind of a pseudo KDF and isn't usually written into files. All of these are good. AES has a longer track record, but Argon2 has better ASIC resistance.
You can also "register" your own KDF. Here is a skeleton:
package File::KDBX::KDF::MyKDF; use parent 'File::KDBX::KDF'; File::KDBX::KDF->register( # $uuid, $package, %args "\x12\x34\x56\x78\x9a\xbc\xde\xfg\x12\x34\x56\x78\x9a\xbc\xde\xfg" => __PACKAGE__, ); sub init { ... } # optional sub _transform { my ($key) = @_; ... }
$uuid => $kdf->uuid;
Get the UUID used to determine which function to use.
$seed = $kdf->seed;
Get the seed (or salt, depending on the function).
$kdf = File::KDBX::KDF->new(parameters => \%params);
Construct a new KDF.
$kdf = $kdf->init(%attributes);
Called by "new" to set attributes. You normally shouldn't call this. Returns itself to allow method chaining.
$transformed_key = $kdf->transform($key); $transformed_key = $kdf->transform($key, $challenge);
Transform a key. The input key can be either a File::KDBX::Key or a raw binary key, and the transformed key will be a raw key.
This can take awhile, depending on the KDF parameters.
If a challenge is provided (and the KDF is AES except for the KeePassXC variant), it will be passed to the key so challenge-response keys can produce raw keys. See "raw_key" in File::KDBX::Key.
$kdf->randomize_seed;
Generate and set a new random seed/salt.
File::KDBX::KDF->register($uuid => $package, %args);
Register a KDF. Registered KDFs can be used to encrypt and decrypt KDBX databases. A KDF's UUID must be unique and musn't change. A KDF UUID is written into each KDBX file and the associated KDF must be registered with the same UUID in order to decrypt the KDBX file.
$package should be a Perl package relative to File::KDBX::KDF:: or prefixed with a + if it is a fully-qualified package. %args are passed as-is to the KDF's "init" method.
$package
File::KDBX::KDF::
+
%args
File::KDBX::KDF->unregister($uuid);
Unregister a KDF. Unregistered KDFs can no longer be used to encrypt and decrypt KDBX databases, until reregistered (see "register").
Please report any bugs or feature requests on the bugtracker website https://github.com/chazmcgarvey/File-KDBX/issues
When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature.
Charles McGarvey <ccm@cpan.org>
This software is copyright (c) 2022 by Charles McGarvey.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.
To install File::KDBX, copy and paste the appropriate command in to your terminal.
cpanm
cpanm File::KDBX
CPAN shell
perl -MCPAN -e shell install File::KDBX
For more information on module installation, please visit the detailed CPAN module installation guide.