URLCertKeyProvider is a KeyProvider plugin for KeePass and a further development of MultiCertkeyProvider.
Like MultiCertkeyProvider, URLCertKeyProvider works with an AES key that is stored in an XML record, encrypted with the user's X509 certificate (RSA keys). A description of the process can be found on the MultiCertkeyProvider web page.
In contrast to MultiCertkeyProvider, this XML record is not read from a file but from a web server. Authentication to the web server is also done with the X509 certificate selected by the user.
The components on the web server consist of a PHP script and a key file generated with KeyManagerRSA.
The procedure is as follows:
The plugin calls the provided PHP script on the web server and authenticates itself with the X509 certificate.
The PHP script searches the local key file for a record of the X509 certificate used for authentication and sends the corresponding XML record back to the plugin. This record contains the AES key from the key file, encrypted with the certificate.
The plugin now decrypts the AES key with the private part of the certificate and passes it to KeePass.
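The exchange described above, simulated offline on both sides, as an added example that is not the plugin's or the project's own PHP script. The Apache mod_ssl variable names, the XML element names, the SHA-256 thumbprint and the OAEP padding are assumptions of this sketch, since the page does not show the real record format.

```php
<?php
// Added example. Assumptions: Apache mod_ssl variable names, the XML element
// names, SHA-256 thumbprints and OAEP padding; none are taken from the plugin.

// Server side: return the record for the certificate the TLS layer verified.
function lookupRecord(array $server, string $keyFileXml): ?string
{
    // Use only the certificate the web server authenticated, never a request parameter.
    if (($server['SSL_CLIENT_VERIFY'] ?? '') !== 'SUCCESS' || empty($server['SSL_CLIENT_CERT'])) {
        return null;
    }
    $thumb = openssl_x509_fingerprint($server['SSL_CLIENT_CERT'], 'sha256');
    $doc = simplexml_load_string($keyFileXml);
    if ($thumb === false || $doc === false) {
        return null;
    }
    foreach ($doc->Record as $rec) {
        if (hash_equals(strtolower((string) $rec['thumbprint']), $thumb)) {
            return $rec->asXML();
        }
    }
    return null; // unknown certificate: no record is disclosed
}

// Client side: unwrap the AES key with the private key of the certificate.
function unwrapKey(string $recordXml, $privateKey): ?string
{
    $rec = simplexml_load_string($recordXml);
    $cipher = $rec === false ? false : base64_decode((string) $rec->EncryptedKey, true);
    if ($cipher === false) {
        return null;
    }
    return openssl_private_decrypt($cipher, $plain, $privateKey, OPENSSL_PKCS1_OAEP_PADDING) ? $plain : null;
}

// Constructed test data: throwaway RSA key, self-signed certificate, random AES key.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr = openssl_csr_new(['commonName' => 'demo-user'], $key, ['digest_alg' => 'sha256']);
openssl_x509_export(openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']), $pem);
$aes = random_bytes(32);
openssl_public_encrypt($aes, $wrapped, $pem, OPENSSL_PKCS1_OAEP_PADDING);
$keyFile = sprintf('<Keys><Record thumbprint="%s"><EncryptedKey>%s</EncryptedKey></Record></Keys>',
    openssl_x509_fingerprint($pem, 'sha256'), base64_encode($wrapped));

$ok = ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_CERT' => $pem];
$record = lookupRecord($ok, $keyFile);
var_dump($record !== null && unwrapKey($record, $key) === $aes);
var_dump(lookupRecord(['SSL_CLIENT_VERIFY' => 'NONE'], $keyFile));
```

The record returned by the server is useless without the private key, so the server never handles the AES key in the clear. On Apache, `SSL_CLIENT_CERT` is only populated when `SSLOptions +ExportCertData` is set.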
More about KeePass Security can be found on the KeePass Security Page.
Currently this software is only available for Windows operating systems.
The X509 certificates used must have the property “Usage DataEncipherment enabled”.
Additionally a web server with PHP support and SSL authentication is required.