KeePass 2.x plug-in and Android app that together provide two-factor authentication using biometric data such as a fingerprint or face recognition.
KeeBiometrics consists of two main components. The first is the KeePass 2.x plug-in for Windows, which registers as a Key Provider and handles the remote authentication and the unlocking of the KeePass database. The second is the KeeBiometrics Android app, which uses the fingerprint or face-recognition APIs of your smartphone or tablet and, after a successful biometric check, sends a secret key over a secured connection to the KeePass plug-in running on your Windows host.
This lets you unlock the KeePass database on your PC simply with your fingerprint or any other biometric authentication method the Android API makes available.
After installing the .apk on your phone/tablet and dropping the plug-in into your <KeePass-install-dir>/Plugins folder, you will need to register your Android device as a Trusted-Device. The following diagram illustrates the registration procedure:
After you have a Trusted-Device registered, you can unlock your database via fingerprint, face recognition or any other biometric authentication method provided by your Android OS. The following diagram shows the unlock procedure:
While designing this application, special care was taken with regard to security. The goal was to meet current state-of-the-art security expectations and, in particular, not to impede the level of security provided by KeePass 2.x. KeeBiometrics is nevertheless heavily dependent on third-party software and hardware: the Windows and Android operating systems, the biometric sensor hardware, and the security libraries used for encryption and signing. These factors differ from device to device and make an overall security assessment difficult, so keep them in mind when using this application.
KeeBiometrics itself uses protocols such as TLSv1.2 with client and server authentication, combined with proven algorithms such as RSA and AES, to reduce its own attack surface.
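To make the Trusted-Device model and the mutually authenticated TLS channel described above concrete, here is an added Python sketch (not KeeBiometrics' own code): the host pins the SHA-256 fingerprint of a device's client certificate at registration and later accepts an unlock only from a peer presenting that certificate over a TLS 1.2+ connection that requires a client certificate. The fingerprint registry and all helper names are assumptions made for this example.

```python
import hashlib
import ssl
from typing import Optional, Set

# Assumed design for illustration: the host side keeps the SHA-256 fingerprint
# of each registered device's client certificate and refuses unlock attempts
# from any other peer, even one holding a certificate signed by the same CA.


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate as lower-case hex."""
    return hashlib.sha256(der_cert).hexdigest()


def register_trusted_device(der_cert: bytes, registry: Set[str]) -> str:
    """Registration step: remember the device's certificate fingerprint."""
    fingerprint = cert_fingerprint(der_cert)
    registry.add(fingerprint)
    return fingerprint


def is_trusted_device(der_cert: bytes, registry: Set[str]) -> bool:
    """Unlock step: accept only a certificate that was registered earlier."""
    return cert_fingerprint(der_cert) in registry


def make_server_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """TLS context for the host: TLS 1.2 minimum, client certificate required."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # mutual authentication
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    return ctx


def peer_is_registered(sock: ssl.SSLSocket, registry: Set[str]) -> bool:
    """After the handshake, pin the peer certificate to the registry."""
    der = sock.getpeercert(binary_form=True)
    return der is not None and is_trusted_device(der, registry)


if __name__ == "__main__":
    # Constructed stand-in bytes; a real deployment passes DER certificates.
    registry: Set[str] = set()
    register_trusted_device(b"constructed-device-cert-A", registry)
    print(is_trusted_device(b"constructed-device-cert-A", registry))  # True
    print(is_trusted_device(b"constructed-device-cert-B", registry))  # False
```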
If you find any security issues or risks that you think should be discussed, please open an issue on the project's GitHub. Feedback is always welcome, and public review is seen as an essential building block in creating a secure application.