Keepass Portable Vs Installer

[Cripin Plascencia]

UpdatingKeePass:

When a new KeePass version has been released, you can update your existing KeePassinstallation, without losing any configuration settings. The steps aredepending on which package you are using (installer or portable), see below.

Additionally, KeePass is automatically configured to store its settings inthe application data directory of the current user.This way multiple users can use one KeePassinstallation without overwriting each other's settings (each user has hisown configuration file).The setup program must run with administrativerights, however KeePass runs fine without administrative rights once itis installed.

Uninstallation:

In order to uninstall KeePass, run the uninstallation program, which isaccessible by a shortcut in the start menu folder of KeePass, or inthe program section of the system control panel. If you also wantto remove your configuration settings, you need to delete the configurationfile in the application data directory of your user profile, seeConfiguration.

Silent Installation:

The KeePass installer KeePass-2.xx-Setup.exe supports command lineswitches for silent installation, i.e. the program gets installed withoutasking the user for target directory or association options. The default settingsof the installer are used.

Destination Path:

The installer allows to choose the destination path to which KeePass isinstalled.However, when the installer detects an existing KeePass installation, itassumes that the user wants to perform an upgrade and thus doesn'tdisplay the destination path selection page; the old version will be overwrittenby the new version.If you want to move an existing KeePass installation to a different path,first uninstall the old version; the installer of the new version will thendisplay the destination path selection page again.

The portable version can be carried around on portable devices (like USBsticks) and runs on any computer directly from the device, without anyinstallation.It doesn't store anything on your system (in contrast tothe setup package, see above). KeePass doesn't create any newregistry keys and it doesn't create any configuration files in your Windowsor application data directory of your user profile.

Make sure that KeePass has write access toits application directory. Otherwise, if it doesn't have, it'll attemptto store the configuration options (nothing security-relevant though) into theapplication data directory of the currently logged on user.For more about that, see this page:Configuration.

Installation:

KeePass does not need to be installed. Just download the ZIP package, unpackit with your favorite ZIP program and KeePass is ready to be used. Copy it toa location of your choice (for example onto your USB stick); noadditional configuration or installation is needed.

Updating:

Download the latest portable package of KeePass, unpack itand copy all new files over the old ones. Your configuration settings will notbe lost (the settings are stored in the KeePass.config.xml file,which won't be overwritten, because KeePass ZIP packages don'tinclude a KeePass.config.xml file).

Clipboard:

On some systems, Mono's clipboard routines don't work properly.In this case, install the xsel and xdotool packages.If these are installed, KeePass uses them for clipboard operations.

Global Auto-Type:

In order to use global auto-type,you need to create an appropriate system-wide hot key. This only needs to be donemanually once. KeePass performs global auto-type when it's invoked withthe --auto-type command line option.

Important: for global auto-type, the version of the xdotool packagemust be 2.20100818.3004 or higher! If your distribution only offers anolder version, you can download and install the latest version of thepackage manually, see the xdotool website.

Although you can run KeePass 2.x more or less natively on Unix-like systemsusing Mono (see above), the user interface does not always look pretty.Some users therefore prefer running KeePass 2.x under Wine.

MacOS.In order to make a MacOS application bundle wrapper, you can useWineskin.In the wrapper settings, we recommend to go to 'Screen Options' and turn onthe option 'Use Mac Driver instead of X11'.

The approach below worked perfectly when this documentation was written.However, as this type of Mono installation is nowhere mentioned on the Monowebsite, it might stop working with a future Mono release.

These instructions explain how to configure Kee to use KeePass as the storage location for protected passwords. If you use Kee Vault it is not necessary to follow these instructions, although advanced users may still wish to - read about using Kee with Kee Vault and KeePass first though.

Kee communicates with KeePass Password Safe 2 to store your passwords (unless you are using Kee Vault instead). You will need to install the KeePassRPC plugin for KeePass Password Safe 2 which enables this communication. It is as easy as putting a file in the right place on your computer and restarting KeePass.

Windows XP and Vista are no longer officially supported; they might still work if you install the latest .NET Framework but we strongly recommend upgrading since it is no longer possible to secure your password data on top of these insecure operating systems.

On a multi-user system, it may be easier to get keepass2 or mono-complete (from the Ubuntu repository) than the current KeePassPRC.plgx. The user should be able to do that by themself, just like installing Kee from the Firefox extensions repository.

Is there any security advantage(even options\perferences hiding) to using the portable mode over the installer mode on windows?

Specifically is there a way to hide your keepass options\password generator?

There is no security difference between the portable version vs the installer version, except that by default the installer version installs KeePass in a sub-folder of one of the special Programs Files folder.

Password generator profiles are not secrets that need to be protected. Only the generated secret password needs to be secret. A password needs to be strong enough to withstand a dictionary attack assuming that everything is known about the password except the password itself.

options could pose risk as the attacker knows critical info about what is allowed for keepass or how it works.

for example if my clipboard auto clear-time is set to a fixed 10 seconds, the attacker can easily write program that would track time between something copied to clipboard and its clear, resulting in a very easy way to find your password.

ofc in this scenario the host is already comprised and is infected but hiding such options could further increase the difficulty for an attacker.

another good example is to set auto remember for keyfile so then once the user opens the DB you can easily know the path of the keyfile. or allowing and installing some malicious plugin you wrote, user doesn't notice the change.

the point is you can get a lot of valuable info about the DB from the options menu. I just wish there was a way to keep options inside the DB(doesn't sound impossible since you don't really need the options to open the DB)

See the KeePass documentation web page on Security for a general discussion of security of KeePass while in either the open or locked/closed state. To address your particualar concerns, see the section on protection against specialized spyware.

The one problem I have is with the installer. My parents have begun using it on my advice and as they say, no good deed goes unpunished. Every single time there is a new update, they attempt to install it but the installer gets to a point where it chokes and refuses to continue because KeePass is already running! This is not a problem for me, this is a problem for my non-techie parents who struggle to understand how to close KeePass (since it hides in the system tray when they dismiss the window). This is 2023 guys! This installer must be the only one left on the planet that won't automatically close the running instance and proceed with the installation! Come on!

Yeah, 2 things need to be improved with regard to the installer: it should offer the option to automatically exit any running KeePass in order to be able to install smoothly (and then restart it if it was running before), and do not ask for any options if it's an upgrade, simply reusing selections that were used for initial installation. That would make it so much simpler. Git for Windows is an excellent example of that approach.

Bonjour,

J'ai essay plusieurs reprise d'insatller Keepass 2.23 sur mon MacBook Pro mais l'application ne s'ouvre pas.

J'ai suivi la procdure d'installation en tlchargeant au pralable les applications "mono-project" et "XQuartz" mais a ne marche pas ! Le terminal ne s'ouvre pas.

Merci de me dire comment je peux installer cette application que j'utilise dj depuis longtemps sur Windows.

The problems reported on the KeePass forum have been resolved, we have reworked the installation process, KeePass installation is now done by an installer, which should make the installation easier. We are working on further integration with OS X native Cocoa interface, and bundling it with Mono so that a separate Mono download is no longer needed ...

I have used KeePassX Alpha Release mentioned in previous posts, but have found MacPass to be a great alternative. It feels more like a native OSX app, attempting to create a native OS X port of KeePass. It can Open/Save some Kdbx and Kdb databases:

I have tried to use Keepass on OSX, but it doesn't work very well; it is slow as hell and crashes all the time. I ended up getting KyPass Companion from the AppStore. It works very well and supports both Keepass 1 and 2 databases.

Greetings,

(Disclaimer: I did do a 'Search' and looked through a number of pages & posts prior to posting a new thread. However please feel free to point me in right direction if it's already been answered! :)

3a8082e126