A  A

AD·VNVM·DATVM Down to a single bit of data : Page 3 KeePass2 KPScript Installation on Linux

Posted in || , , 3 min. to read

In short:

KeePass2 comes with an extension that gives it a Command-Line Interface. I found it confusing to install in Linux, and so am posting instructions here.

I recently wrote about extending the functionality of the KeePass2 password manager to allow the creation of CSV files from KeePass2 password database files. KeePass2 has a wide variety of functionality built in, and has a straightforward GUI. GUI = Graphical User Interface It also comes with an extension, called kpscript, that adds a robust CLI. CLI = Command-Line Interface Installing KPScript in Linux was confusing to me, so I'm posting quick instructions here, hoping that they might be useful to someone coming to this site from a search engine in the future.

These instructions are derived from a working PKGBUILD for Arch Linux by Jonathan Liu in the Arch User Repository (AUR). I've expanded them to work for other Linux distributions, as well; I tested the instructions in openSUSE 13.1, but they should work anywhere. They might even work in Mac OSX.

Initial information-gathering

  1. Having installed KeePass through your distro. repository, run which keepass in a terminal to see where the keepass program file is stored on your system. In openSUSE 13.1, the location is /usr/bin/keepass.
  2. If you use that location and run cat with it (e.g., cat /usr/bin/keepass), you'll likely see that, rather than being a binary file, usr/bin/keepass is actually a shell script with one line:
exec mono /usr/lib/keepass/KeePass.exe "$@"

("$@" here represents all of the arguments that the user types in after the keepass command [e.g., keepass --help])

What we're looking for here is the location of KeePass.exe — here, /usr/lib/keepass/KeePass.exe. In some distros, this will be in usr/share/keepass/KeePass.exe, instead.

If that method doesn't work on your system, you can launch KeePass2, open a terminal, and run ps ax | grep keepass, which will search all running processes on your system and give you output similar to what's above (e.g., mono /usr/lib/keepass/KeePass.exe).

The kpscript documentation states that "the KPScript.exe file needs to be copied into the directory where KeePass is installed (where the KeePass.exe file is)."

Now that you have the location of KeePass.exe, you can install kpscript

  1. Download KPScript.exe from the link above.
  2. "Install" KPScript.exe using the following commands (assuming that the directory of note above was /usr/lib/keepass):
sudo install -D -m644 KPScript.exe "/usr/lib/keepass/KPScript.exe"
echo '/usr/bin/mono /usr/lib/keepass/KPScript.exe "$@"' > /tmp/kpscript
sudo install -D -m755 /tmp/kpscript "/usr/bin/kpscript"

You should now be able to run kpscript from any new terminal. You can launch kpscript commands and have them ask for your KeePass2 password / key using the KeePass GUI password prompt using kpscript /path/to/KeePass2_file.kdbx -guikeyprompt -c:ListGroups (-c: gives kpscript a command to run — here, after entering your password, kpscript would list all password groups in your .kdbx file.

If you are planning to run kpscript over a server, where you won't have access to a GUI prompt, you are expected to enter your password in plain text as part of your kpscript invocation (e.g., with kpscript /path/to/KeePass2_file.kdbx -guikeyprompt -c:ListGroups -pw:"your_password_goes_here"). If you are uncomfortable with that, here is a bash script that prompts for the password in a more secure way (i.e., without showing it as you type it in):


read -s -p "If your database has a password, enter it here (it will be passed to kpscript with the '-pw' flag). Otherwise, just press [Enter]: " user_password 

if [ ! -z "$user_password" ]; # If the user entered anything (if $user_password is NOT zero-length (i.e., blank)):
    kpscript -pw:$user_password "$@"
    kpscript "$@"

More Posts:

  1. A Converter for Full KeePass2 XML Export to CSV // If you use KeePass2, you may have noticed that CSV exports do not include user-defined columns. I wrote a script to convert KeePass2 XML exports to CSV, allowing CSV exporting from KeePass2.
  2. Retroactive Publishing // I will be publishing several posts retroactively in the coming weeks.
  3. A Note on Hard Drives and Protected Data // If you need to store protected information on an unencrypted hard drive, even temporarily, there is a quick step that you can take to protect your data from being written possibly irrevocably to the hard drive.
  4. Paperback is Fascinating, Exciting, and Funnily Funny // Paperback is an open-source program that was apparently created as a joke for paper-based backups, but works, and well.
  5. Automating Quiz Grading (for Qualtrics Data) with R // I've written an R script to automate the grading process for short multiple-choice quizzes, and am releasing it for others who are teaching and using online data-collection methods.
  6. A Short, Motivational Video about the Exciting World of Bash (the Linux and Mac OSX Command-Line) // As part of the Software Carpentry Instructors' Training program, I created a short video to excite viewers about the most common Unix Command-Line Interface, "bash."
  7. I've written a short SQL introduction for R // I've written a short introduction to the sqldf package, which allows using SQL (which is commonly used for querying databases) in R.
  8. A simple explanation of the MIT license // A simple explanation of the MIT license.
  9. Data Preprocessing in R — Processing Obituaries for Gephi // A tutorial for using R to convert comma-separated lists of character traits into a format suitable for Gephi, a network-mapping tool (includes a neat picture!)