URL Cert KeyProvider Plugin

URLCertKeyProvider is a KeyProvider plugin for KeePass and a further development of MultiCertkeyProvider.

Like MultiCertkeyProvider, URLCertKeyProvider works with an AES key, which is encrypted with the X509 certificate (RSA keys) of a user, in an XML data set. A description of the process can be found on the MultiCertkeyProvider web page.

In contrast to MultiCertkeyProvider, this XML record is not read from a file, but from a Web server. The authentication towards the web server is also done with the X509 certificate selected by the user.
The components on the WebServer consist of a PHP script and a key file generated with KeyManagerRSA.

The procedure is as follows :

The plugin calls the provided PHP script on the web server and authenticates itself with the X509 certificate.
The PHP script searches the local key file for a record of the X509 certificate used for authentication and sends a corresponding XML record back to the plugin. This record contains the AES key aud of the key file encrypted with the certificate.
The plugin now decrypts the AES key with the private part of the certificate and passes it to Keepass.

More about KeePass Security can be found on the KeePass Security Page.


Currently this software is only available for Windows operating systems.
The used X509 certificates must have the property “Usage DataEncipherment enabled”.

Additionally a web server with PHP support and SSL authentication is required.


The software presented here is freely available for private use under the GNU Public License (see here).

The commercial use of the software, parts or the whole source code, or similar is only allowed with permission of the author. Permission is usually granted after explanation and extent of the intended use and an appropriate donation to the author or to non-profit projects.

In general :

  • A non-commercial use is free of charge (GNU-Public-License).
  • Commercial use requires permission (see above).
  • A separation of application and source code (if available) is not allowed.
  • Removal of copyright notices is not allowed.
  • Further restrictive copyright notices may be within the application or source code.

By downloading the application or source code, you are deemed to have accepted the above terms and conditions.



 File Version Size
URLCertKeyProvider Plugin 0.2 beta 16 kByte
URLCertKeyProvider Sources 0.2 beta 25 kByte
URLCertKeyProvider WebParts 2023-01 5 kByte

Change Log

Version 0.1
– initial Version