Version v8.0.0
With KeePass Client v7.11.43
Release Date
April 12th, 2023
These Release Notes detail the differences between this release and the previous version.
New Feature: Zero Knowledge Encryption
- Summary:
-
Zero Knowledge Encryption provides superior privacy and data protection.
-
Users passwords are encrypted before they leave their device, and remain encrypted in transit and on the server. Decryption requires the unique user key, available only to the user, inaccessible to the server.
- Even the server itself does not have the knowledge or ability to decrypt these keys, and so cannot access the user's passwords.
-
In other words, no one else can decrypt the user's passwords—even if they have (or gain) access to the password server or intercept the data during transfer. Because only the user has the key, the user's passwords can only be accessed on their own devices, via their own software.
-
For more information, click here.
-
- Description:
- Configured in Settings.
- Allows users to selectively encrypt entries using client-side encryption, so that the data values are not even accessible to the server or database.
- Provides users with their own secure set of encryption keys.
- Encrypted fields are encrypted / decrypted using these keys.
- These keys are derived from the user's own Encryption Password or Secret Key (randomly generated key, securely stored into the user's device).
-
Benefits:
- Protects secrets Internally, or from your Hosting or Cloud Partners
- Provides an additional encryption layer in-transit and at-rest (on the database & server)
-
Available in:
-
Enterprise+SSO edition
- Web Client (only, at this time)
-
-
Feature Support:
- Passwordless Sign-In (with SAML SSO)
- Client-side Encryption
- Encryption Option for Entry Fields
- Passwords
- Authenticator Secrets
- Authentication Methods:
- Secret Keys
- User Encryption Passwords
- Secret Keys or Encryption Passwords
- Corporate Key Architecture - for admins
- Unique User Encryption Keys
- Password Resets
- by Admin - with Corporate Keys
- by User - Self-Serve Reset
- Share Secrets Securely - with other users
- Active Directory/LDAP Integration
- Trust Remote Sources - manual/auto-approval
- New Device Easy-Transfer of Secret Keys
- Automatic Error Checking and Resolution
- Client Logging to Server
- Secure Shared Web Worker Technology - web client support
- Military Grade Encryption: AES256-GCM, RSA 2048-bit Asymmetric
New Feature: File Integrity Monitoring
-
Description & Features:
- Ability to enable application file scans - to ensure the integrity of the files, remain unchanged from the vendor's original files, and have not been altered, replaced, or corrupted.
- Ability to automatically stop the site if the service detects any file changes, so that there is no corruption of data
- The application will not run until the file errors are corrected
- FIM Alerts - Reports the specific file errors found.
-
Available in:
-
Enterprise+SSO edition
- Server & Web client files
-
New Feature: Web Client Export
- Option to Export to CSV file from the web application.
- (expect to see more secure features options in the future)
Improvements
- Web login window display changes to support added security capabilities.
- Minor main menu changes.
- Added hints for Entry fields with explanations.
Bug Fixes
Known Issue
-
KeePass client File Size:
- Benefit: For secure authentication and helpful mitigation of security issues, the install files include WebView2 component which supports customer options for rigorous OAuth authentication methods and application proxy.
- Drawback: KeePass desktop install file size: 372 MB
- This reduces the many unfortunate install failures or potential security issues.
- In the future, with further improvements the support for the machine's default browser will replace this WebView2 component. This will bring the large file size back down to previous levels.
-
Requires .NET 4.8
- The Upgrade may try to download these .NET 4.8 files from the internet for the upgrade, if they are not already installed:
- Running this once before install/upgrade will ensure the install process is smooth.
-
Stalled Install progress:
- Otherwise, if the file installation appears to be stalled after 10 minutes, stop, restart the machine, and restart the install.
- The .NET framework files have now been added and the install should run smoothly.
Compatibility Notes
- All KeePass users must upgrade to a KeePass client version 7.11.43 through 8.0.0.