.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "File::KDBX::Key 3pm" .TH File::KDBX::Key 3pm "2022-11-20" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" File::KDBX::Key \- A credential that can protect a KDBX file .SH "VERSION" .IX Header "VERSION" version 0.906 .SH "DESCRIPTION" .IX Header "DESCRIPTION" A master key is one or more credentials that can protect a \s-1KDBX\s0 database. When you encrypt a database with a master key, you will need the master key to decrypt it. \fBKeep your master key safe!\fR If someone gains access to your master key, they can open your database. If you forget or lose any part of your master key, all data in the database is lost. .PP There are several different types of keys, each implemented as a subclass: .IP "\(bu" 4 File::KDBX::Key::Password \- Password or passphrase, knowledge of a string of characters .IP "\(bu" 4 File::KDBX::Key::File \- Possession of a file (\*(L"key file\*(R") with a secret .IP "\(bu" 4 File::KDBX::Key::ChallengeResponse \- Possession of a device that responds correctly when challenged .IP "\(bu" 4 File::KDBX::Key::YubiKey \- Possession of a YubiKey hardware device (a type of challenge-response) .IP "\(bu" 4 File::KDBX::Key::Composite \- One or more keys combined as one .PP A good master key is produced from a high amount of \*(L"entropy\*(R" (unpredictability). The more entropy the better. Combining multiple keys into a \fBComposite\fR key combines the entropy of each individual key. For example, if you have a weak password and you combine it with other keys, the composite key is stronger than the weak password key by itself. (Of course it's much better to not have any weak components of your master key.) .PP \&\fB\s-1COMPATIBILITY NOTE:\s0\fR Most KeePass implementations are limited in the types and numbers of keys they support. \&\fBPassword\fR keys are pretty much universally supported. \fBFile\fR keys are pretty well-supported. Many do not support challenge-response keys. If you are concerned about compatibility, you should stick with one of these well-supported configurations: .IP "\(bu" 4 One password .IP "\(bu" 4 One key file .IP "\(bu" 4 Composite of one password and one key file .SH "METHODS" .IX Header "METHODS" .SS "new" .IX Subsection "new" .Vb 2 \& $key = File::KDBX::Key\->new({ password => $password }); \& $key = File::KDBX::Key\->new($password); \& \& $key = File::KDBX::Key\->new({ file => $filepath }); \& $key = File::KDBX::Key\->new(\e$file); \& $key = File::KDBX::Key\->new(\e*FILE); \& \& $key = File::KDBX::Key\->new({ composite => [...] }); \& $key = File::KDBX::Key\->new([...]); # composite key \& \& $key = File::KDBX::Key\->new({ responder => \e&responder }); \& $key = File::KDBX::Key\->new(\e&responder); # challenge\-response key .Ve .PP Construct a new key. .PP The primitive used to construct the key is not saved but is immediately converted to a raw encryption key (see \&\*(L"raw_key\*(R"). .PP A File::KDBX::Key::Composite is somewhat special in that it does retain a reference to its component keys, and its raw key is calculated from its components on demand. .SS "init" .IX Subsection "init" .Vb 1 \& $key = $key\->init($primitive); .Ve .PP Initialize a File::KDBX::Key with a new primitive. Returns itself to allow method chaining. .SS "reload" .IX Subsection "reload" .Vb 1 \& $key = $key\->reload; .Ve .PP Reload a key by re-reading the key source and recalculating the raw key. Returns itself to allow method chaining. .SS "raw_key" .IX Subsection "raw_key" .Vb 2 \& $raw_key = $key\->raw_key; \& $raw_key = $key\->raw_key($challenge); .Ve .PP Get the raw encryption key. This is calculated based on the primitive(s). The \f(CW$challenge\fR argument is for challenge-response type keys and is ignored by other types. .PP \&\fB\s-1NOTE:\s0\fR The raw key is sensitive information and so is memory-protected while not being accessed. If you access it, you should memzero or \*(L"erase\*(R" in File::KDBX::Util it when you're done. .SS "hide" .IX Subsection "hide" .Vb 1 \& $key = $key\->hide; .Ve .PP Put the raw key in memory protection. Does nothing if the raw key is already in memory protection. Returns itself to allow method chaining. .SS "show" .IX Subsection "show" .Vb 1 \& $key = $key\->show; .Ve .PP Bring the raw key out of memory protection. Does nothing if the raw key is already out of memory protection. Returns itself to allow method chaining. .SS "is_hidden" .IX Subsection "is_hidden" .Vb 1 \& $bool = $key\->is_hidden; .Ve .PP Get whether or not the key's raw secret is currently in memory protection. .SH "BUGS" .IX Header "BUGS" Please report any bugs or feature requests on the bugtracker website .PP When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature. .SH "AUTHOR" .IX Header "AUTHOR" Charles McGarvey .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" This software is copyright (c) 2022 by Charles McGarvey. .PP This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.