kdbxtool.parsing.kdbx4¶
KDBX4 payload encryption and decryption.
This module handles the cryptographic operations for KDBX4 files: - Master key derivation from credentials - Header integrity verification (HMAC-SHA256) - Payload decryption and encryption - Block-based HMAC verification (HmacBlockStream) - Inner header parsing
KDBX4 structure: 1. Outer header (plaintext) 2. SHA-256 hash of header 3. HMAC-SHA256 of header 4. Encrypted payload (HmacBlockStream format)
Inner header
XML database content
Functions
|
Convenience function to read a KDBX4 file. |
|
Convenience function to write a KDBX4 file. |
Classes
|
Result of decrypting a KDBX4 file. |
|
KDBX4 inner header data. |
|
Reader for KDBX4 database files. |
Writer for KDBX4 database files. |
- class kdbxtool.parsing.kdbx4.InnerHeader(random_stream_id, random_stream_key, binaries)[source]¶
Bases:
objectKDBX4 inner header data.
The inner header appears after decryption, before the XML payload. It contains the protected stream cipher settings and binary attachments.
- Parameters:
- class kdbxtool.parsing.kdbx4.DecryptedPayload(header, inner_header, xml_data, transformed_key=None)[source]¶
Bases:
objectResult of decrypting a KDBX4 file.
Contains all data needed to work with the database.
- Parameters:
header (KdbxHeader)
inner_header (InnerHeader)
xml_data (bytes)
transformed_key (bytes | None)
- header: KdbxHeader¶
- inner_header: InnerHeader¶
- __init__(header, inner_header, xml_data, transformed_key=None)¶
- Parameters:
header (KdbxHeader)
inner_header (InnerHeader)
xml_data (bytes)
transformed_key (bytes | None)
- Return type:
None
- class kdbxtool.parsing.kdbx4.Kdbx4Reader(data)[source]¶
Bases:
objectReader for KDBX4 database files.
- Parameters:
data (bytes)
- __init__(data)[source]¶
Initialize reader with file data.
- Parameters:
data (bytes) – Complete KDBX4 file contents
- Return type:
None
- decrypt(password=None, keyfile_data=None, transformed_key=None, yubikey_response=None)[source]¶
Decrypt the KDBX4 file.
- Parameters:
- Returns:
DecryptedPayload with header, inner header, XML, and transformed_key
- Raises:
ValueError – If decryption fails (wrong credentials, corrupted file)
- Return type:
- class kdbxtool.parsing.kdbx4.Kdbx4Writer[source]¶
Bases:
objectWriter for KDBX4 database files.
- BLOCK_SIZE = 1048576¶
- encrypt(header, inner_header, xml_data, password=None, keyfile_data=None, transformed_key=None, yubikey_response=None)[source]¶
Encrypt database to KDBX4 format.
- Parameters:
header (KdbxHeader) – Outer header configuration
inner_header (InnerHeader) – Inner header with stream cipher and binaries
xml_data (bytes) – XML database content
password (str | None) – Optional password
keyfile_data (bytes | None) – Optional keyfile contents
transformed_key (bytes | None) – Optional precomputed transformed key (skips KDF)
yubikey_response (bytes | None) – Optional 20-byte YubiKey HMAC-SHA1 response
- Returns:
Complete KDBX4 file as bytes
- Return type:
- kdbxtool.parsing.kdbx4.read_kdbx4(data, password=None, keyfile_data=None, transformed_key=None, yubikey_response=None)[source]¶
Convenience function to read a KDBX4 file.
- Parameters:
- Returns:
DecryptedPayload with header, inner header, XML, and transformed_key
- Return type:
- kdbxtool.parsing.kdbx4.write_kdbx4(header, inner_header, xml_data, password=None, keyfile_data=None, transformed_key=None, yubikey_response=None)[source]¶
Convenience function to write a KDBX4 file.
- Parameters:
header (KdbxHeader) – Outer header configuration
inner_header (InnerHeader) – Inner header with stream cipher and binaries
xml_data (bytes) – XML database content
password (str | None) – Optional password
keyfile_data (bytes | None) – Optional keyfile contents
transformed_key (bytes | None) – Optional precomputed transformed key (skips KDF)
yubikey_response (bytes | None) – Optional 20-byte YubiKey HMAC-SHA1 response
- Returns:
Complete KDBX4 file as bytes
- Return type: