KeePassRX 0.12.0: Onwards to a Fully Functioning App

Published: 2025-12-01T16:33:04+01:00

I have finally finished work on a bunch a new version of KeePassRX.

KeePassRX is a KeePass password manager designed for Ubuntu Touch, with aspirations of being ported to SailfishOS and other mobile Linux distributions. In this release, a bunch of new features and fixes were developed:

New: Support externally synced databases. Details in the manual.
New: Prettier UI elements for entries, courtesy of the Sealed project.
New: Key file support.
New: New UI for the Open Database page.
New: Fuzzy searching (toggle in settings).
Fix: Settings no longer require restart to take effect.
Fix: Show Recycle Bin setting works again.
Fix: List of 3rd party open source licenses on About page.
Fix: Icon borders hard to see in light environment theme.
Fix: Strange folder structure in the data directory.

The manual has also been updated to reflect the new features in this version. With this version of KeePassRX, it is starting to change from "weekend hack job" into "a proper mobile app." The next major feature is, of course, editing the password database. But there are still some smaller things to add before that (namely, supporting attachments) and further migration of the app's architecture to actually support editing the password database.

The general roadmap I have for KeePassRX is to develop the baseline read-only functionality first, and squash as many bugs as possible out of that before adding edit functionality. And when I do start working on editing password databases, that too will be released in phases. The most likely place to start is adding and removing tags from entries: it's self-contained, simple, but still requires having the entire infrastructure in the code for editing.

Why not Editing Now?

Editing the password database is not as simple as changing a field and saving the file. KeePass databases are encrypted files, and a password manager must minimize the amount of time any sensitive information is available in memory in cleartext. To that end, KeePassRX does a bunch of things like using libsodium's SecureVec, zeroing out memory, transparently encrypting and re-encrypting sensitive values when not being actively accessed, using the Linux Kernel's Key Retention Service, and more.

To do this while reducing memory overhead, the app actually cannibalizes the memory structure of the opened KeePass database file by pulling values out of it and into its own data structures. This may or may not have been a good idea at the time, but it's the architecture the app has now. So, we have to work with that. The most likely solution is to serialize and encrypt a copy of the opened password database in memory, and then decrypt + update + save it when an edit is made.

And even once the editing function is done, -SAVING- the database is not so simple either. Password databases are important. We do not, under any circumstances, want to lose information. Therefore, just overwriting the .kdbx file is not sufficient:

We must handle the being changed by outside programs.
We must handle write failures.
We must handle running out of disk space.
... And probably more.

To save a KeePass database safely, the app will adopt a transactional approach to actually writing the file. But more on that later, once I have a clear picture of what is actually necessary. I will probably study the KeePassXC code to do this.

‗‗‗‗‗‗‗‗‗‗‗‗‗‗‗‗‗‗‗‗

⤴️ [/posts]

🏠 Home