I recently found the ability of attaching files to entries in KeePass 2.0: does KeePass just remember the location of files attached to the entry or does it encrypt the attached files inside the KeePass database somehow?
Asked
Active
Viewed 8,234 times
6
-
I guess it can be both... Keepass might store encrypted attachments, but also remember the location for (manual) updating. Actually, I would very much like the second option, see [this](https://security.stackexchange.com/questions/178314/keepass-2-storing-linked-files).. – sancho.s ReinstateMonicaCellio Jan 24 '18 at 17:19
2 Answers
7
From the KeePass documentation:
File attachments are stored encrypted in the database (like all other database content).
WhiteWinterWolf
- 19,082
- 4
- 58
- 104
Xander
- 35,525
- 27
- 113
- 141
3
From experience, I can tell you that it embeds the file inside the .kdb. I cannot say for sure that it encrypts them, although I would have to assume so, and would be extremely concerned if it did not (as I understand it, everything inside the file is encrypted).
You can easily test the linking-vs-attaching behavior for yourself by adding a large-ish file and seeing the size of your .kdb shoot up.
Andrew Ferrier
- 144
- 8
-
Heh. A strange thing happened when I added a file.. It went down by 3kb. Guessing somehow it found a better way of compressing the data. I'll probably try a really big file latter today though – Matt Oct 12 '14 at 18:26
-
Stores the files. I frequently use Keypass attachments. Mostly to store all my key pairs securely in one place; as well as digital scans of some important documents (passport, birth certificate, etc). On any modern PC or mobile, a 4MB keystore isn't a problem; and a single critical file is easier to backup to every conceivable device and medium in my house. – LateralFractal Oct 12 '14 at 22:59