{"id":16798801,"url":"https://github.com/angelelz/winhellounlock","last_synced_at":"2025-05-05T16:21:57.532Z","repository":{"id":35970226,"uuid":"197678428","full_name":"Angelelz/WinHelloUnlock","owner":"Angelelz","description":"KeePass 2 plugin to automatically unlock databases with Windows Hello","archived":false,"fork":false,"pushed_at":"2024-06-09T11:18:57.000Z","size":440,"stargazers_count":176,"open_issues_count":23,"forks_count":20,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-03-30T22:22:04.903Z","etag":null,"topics":["biometric","keepass","plugin","unlock","windows-hello"],"latest_commit_sha":null,"homepage":null,"language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Angelelz.png","metadata":{"files":{"readme":"ReadMe.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-07-19T01:13:08.000Z","updated_at":"2025-03-14T14:02:54.000Z","dependencies_parsed_at":"2024-10-27T11:57:18.028Z","dependency_job_id":"bcf402f5-db2e-4d79-bb1b-1c2f9e34056e","html_url":"https://github.com/Angelelz/WinHelloUnlock","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Angelelz%2FWinHelloUnlock","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Angelelz%2FWinHelloUnlock/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Angelelz%2FWinHelloUnlock/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Angelelz%2FWinHelloUnlock/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Angelelz","download_url":"https://codeload.github.com/Angelelz/WinHelloUnlock/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252531882,"owners_count":21763293,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["biometric","keepass","plugin","unlock","windows-hello"],"created_at":"2024-10-13T09:26:56.095Z","updated_at":"2025-05-05T16:21:57.516Z","avatar_url":"https://github.com/Angelelz.png","language":"C#","funding_links":["https://www.paypal.me/Angelelz"],"categories":[],"sub_categories":[],"readme":"WinHelloUnlock: Unlock KeePass 2 Databases with Windows Hello\n=============================================\n[![Latest release](https://img.shields.io/github/release/Angelelz/WinHelloUnlock.svg?label=latest%20release)](https://github.com/Angelelz/WinHelloUnlock/releases/latest)\n[![GitHub issues](https://img.shields.io/github/issues/Angelelz/WinHelloUnlock.svg)](https://github.com/Angelelz/WinHelloUnlock/issues)\n[![Github All Releases](https://img.shields.io/github/downloads/Angelelz/WinHelloUnlock/total.svg)](https://github.com/Angelelz/WinHelloUnlock/releases)\n[![License](https://img.shields.io/github/license/Angelelz/WinHelloUnlock.svg)](https://github.com/Angelelz/WinHelloUnlock/blob/master/LICENSE)\n\nThis plugin for [KeePass 2][KeePass] password manager is intended to conveniently Unlock your database using biometrics with [Windows Hello technology][WinHello].\n\n[KeePass]: https://keepass.info/\n[WinHello]: https://support.microsoft.com/en-us/help/17215/windows-10-what-is-hello\n\nThis plugin is heavily based on [KeePassWinHello][KeePassWinHello] and [KeePassQuickUnlock][QuickUnlock]. I am not a programmer, so I copied most of the code from them, but implemented a different way of storing the MasterKey data to allow plugin functionality, even after rebooting your computer, using Password Vault, Password Credentials and Key Credentials from Windows UWP APIs.\n\n[KeePassWinHello]: https://github.com/sirAndros/KeePassWinHello\n[QuickUnlock]: https://github.com/JanisEst/KeePassQuickUnlock\n\nDisclaimer\n-----\n\nI tried my best to not compromise security! Please, take a look at the code and tell me what could be better. Having said that, we know nothing about Windows Hello internals, and how secure it actually is. By using this plugin, you are putting your trust in my implementation of Windows Hello technology (that you can check on the code), and Windows Hello robustness itself (that you cannot check).\n\nUsage\n-----\n\nWith this plugin you may:\n\nUnlock your database using Biometric via Windows Hello. Even after completely closing KeePass or rebooting your PC.\n\nSystems Requirements\n--------------------\n\nThis plugin relies on Windows Hello API and its [requirements][WinHelloReq].\n\nTested on HP Spectre x360 with KeePass 2.50\n\n[WinHelloReq]: https://www.microsoft.com/en-US/windows/windows-10-specifications\n\nHow to Install\n--------------\n\nPlace [WinHelloUnlock.dll][binLink] into `Plugins` folder in your KeePass installation\n*(by default is `C:\\Program Files (x86)\\KeePass Password Safe 2`)*.\n\n[binLink]: https://github.com/Angelelz/WinHelloUnlock/releases \"Plugin Releases\"\n\nBuild from Source\n-----------------\n\nI've worked on this project on Microsoft Visual Studio. If you plan to clone and build yourself, I suggest you use the same. It's just easier to build a class library.\nAfter clonning the repo, open the .sln file and fix the keepass reference:\n- Download latest portable keepass build and unzip it in a folder of your choice\n- In the Solution Explorer in Visual Studio open `References`\n- Click `KeePass` and in its properties, change the path to the path of the portable KeePass you downloaded\n\nYou would also probably need to add the following NuGet packages:\n- Microsoft.Windows.SDK.Contracts\n- System.Runtime.WindowsRuntime\n- System.Runtime.WindowsRuntime.UI.Xaml\n\n\nSetup\n-----\n\nAfter installation, open your database and unlock it using your composite key. Unlocking with any combination of Password/KeyFile/WindowsUserAccount is supported. Secure Desktop is supported.\n\n\u003cimg src=\"https://raw.githubusercontent.com/Angelelz/WinHelloUnlock/master/WinHelloUnlock/Screenshots/ToUnlock.png\" width=770/\u003e\n\nWhen your database is unlocked, you will be asked if you want to set up WinHelloUnlock. If you cancel this dialog, the plugin will disable itself for this database and you will need to manually enable it in the options menu.\n\n\u003cimg src=\"https://raw.githubusercontent.com/Angelelz/WinHelloUnlock/master/WinHelloUnlock/Screenshots/FirstPrompt.png\" width=381/\u003e\n\nA Windows Hello prompt will be shown to cryptographically sign and encrypt your Master Key data.\n\n\u003cimg src=\"https://raw.githubusercontent.com/Angelelz/WinHelloUnlock/master/WinHelloUnlock/Screenshots/WinHello.png\" width=449/\u003e\n\nYou should receive a confirmation after a successful set up.\n\n\u003cimg src=\"https://raw.githubusercontent.com/Angelelz/WinHelloUnlock/master/WinHelloUnlock/Screenshots/Confirmation.png\" width=258/\u003e\n\nOptions\n-------\n\nThe plugin integrates itself into the KeePass settings dialog.\n\n\u003cimg src=\"https://raw.githubusercontent.com/Angelelz/WinHelloUnlock/master/WinHelloUnlock/Screenshots/Options.png\" width=600/\u003e\n\nAvailable settings:\n\n* Enable or disable the plugin for this particular database. If you disable it, you will not be asked to set WinHelloUnlock every time you unlock your database.\n* Re-lock databases after unlocking them to perform an AutoType.\n* Create or delete WinHelloUnlock data for this particular database.\n\nNotes\n-----\n\nNo sensitive information including master passwords for databases are stored by the plugin in a plain text. A database key is encrypted and decrypted using Windows Hello API in order to unlock the database.\nKeePass Composite Key data is [*Encrypted*](https://docs.microsoft.com/en-us/uwp/api/windows.security.cryptography.core.cryptographicengine.encrypt) with a [*Cryptographic Key*](https://docs.microsoft.com/en-us/uwp/api/windows.security.cryptography.core.cryptographickey) signed with a *Windows Hello* [*Key Credential*](https://docs.microsoft.com/en-us/uwp/api/windows.security.credentials.keycredential) and saved as a [*Password Credential*](https://docs.microsoft.com/en-us/uwp/api/windows.security.credentials.passwordcredential) to a [*Password Vault*](https://docs.microsoft.com/en-us/uwp/api/windows.security.credentials.passwordvault).\nTo decrypt this data, you need to:\n* Have access to the Password Vault\n* Have access to the Cryptographic Key\n* Be able to Cryptographically sign the Cryptographic Key with Windows Hello\n\nSo basically, you need to have access to the data, the hardware and the biometrics (or pin).\n\nAs I said, I'm not a programmer, so any criticism will be well received. Feel free to commit any change or PR.\n\nCredits\n-------\n\n* _Microsoft_ for [Windows Hello][WinHello] technology\n* _JanisEst_ and his [KeePassQuickUnlock](https://github.com/JanisEst/KeePassQuickUnlock)\n* _sirAndros_ and his [KeePassWinHello](https://github.com/sirAndros/KeePassWinHello)\n\nWinHelloUnlock vs KeePassWinHello\n-------\n\nBy the time this plugin was created, KeePassWinHello did not have to option to remain active after Keepass is completly closed, so that was the main reason for it to be crated in the first place. I think they were working on that option, but I could not help them beacuse I did not understand most of their code (Way too advanced implementation for a beginner like me). I think they save the MasterKey info in memory, but WinHelloUnlock saves it encrypted to a Windows Password Credential.\n\nWinHelloUnlock does not implement a way for the credential to expire (like KeePassWinHello do), but implements a way for the credential to be deleted by the user.\n\nDonations?\n-------\n\n[Donations](https://www.paypal.me/Angelelz)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fangelelz%2Fwinhellounlock","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fangelelz%2Fwinhellounlock","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fangelelz%2Fwinhellounlock/lists"}