{"id":8437,"date":"2013-04-24T21:12:26","date_gmt":"2013-04-25T01:12:26","guid":{"rendered":"http:\/\/scruss.com\/blog\/?p=8437"},"modified":"2013-11-23T16:09:19","modified_gmt":"2013-11-23T21:09:19","slug":"mac-to-linux-1password-to-keepassx","status":"publish","type":"post","link":"https:\/\/scruss.com\/blog\/2013\/04\/24\/mac-to-linux-1password-to-keepassx\/","title":{"rendered":"Mac to Linux: 1Password to KeePassX"},"content":{"rendered":"

I have too many passwords to remember, so I’ve been using a password manager for years. First there was Keyring<\/a> for Palm OS, then 1Password<\/a> on the Mac. 1Password’s a very polished commercial program, but it only has Mac and Windows desktop clients. Sadly, it had to go.<\/p>\n

Finding a replacement was tough. It needed to be free, and yet cross-platform. It needed to work on iOS and Android. It also needed to integrate with a cloud service like Dropbox<\/a> so I could keep my passwords in sync. The only program that met all of these requirements was KeePassX<\/a>. I’ve stuck with the stable (v 0.4.3) branch rather than the flashy 2.0 version, as the older database format does all I need and is fully portable. MiniKeePass<\/a> on iOS and KeePassDroid<\/a> on Android look after my mobile needs. But first, I needed to get my password data out of 1Password.<\/p>\n

1Password offers two export formats: a delimited text format (which seemed to drop some of the more obscure fields), and the 1Password Interchange Format<\/em> (<\/wbr>1PIF). The latter is a\u00c2\u00a0JSON<\/a>ish format (\u00e0\u00b2\u00a0_\u00e0\u00b2\u00a0) containing a dump of all of the internal data structures. There is, of course, no documentation for this file format, because no-one would ever<\/em> move away from this lovely commercial software, no …<\/p>\n

So armed with my favourite swiss army chainsaw<\/a>, I set about picking the file apart. JSON::XS<\/a> and Data::Dumper::Simple<\/a> were invaluable for this process, and pretty soon I had all the fields picked apart that I cared about. I decided to write a converter that wrote KeePassX 1.x<\/em> XML, since it was readily imported into KeePassX, would could then write a database readable by all of the KeePass<\/a> variants.<\/p>\n

To run this converter you’ll need Perl, the JSON::XS<\/a> and Data::Dumper::Simple<\/a> modules, and if your Perl is older than about 5.12, the Time::Piece<\/a> module (it’s a core module for newer Perls, so you don’t have to install it). Here’s the code:<\/p>\n

\r\n#!\/usr\/bin\/perl -w\r\n# 1pw2kpxxml.pl - convert 1Password Exchange file to KeePassX XML\r\n# created by scruss on 02013\/04\/21\r\n\r\nuse strict;\r\nuse JSON::XS;\r\nuse HTML::Entities;\r\nuse Time::Piece;\r\n\r\n# print xml header\r\nprint <<HEADER;\r\n<!DOCTYPE KEEPASSX_DATABASE>\r\n<database>\r\n <group>\r\n  <title>General<\/title>\r\n  <icon>2<\/icon>\r\nHEADER\r\n\r\n##############################################################\r\n# Field Map\r\n#\r\n# 1Password\t\t\tKeePassX\r\n# ============================  ==============================\r\n# title        \t\t\ttitle\r\n# username\t\t\tusername\r\n# password\t\t\tpassword\r\n# location\t\t\turl\r\n# notesPlain\t\t\tcomment\r\n#    -\t\t\t\ticon\r\n# createdAt\t\t\tcreation\r\n#    -\t\t\t\tlastaccess\t(use updatedAt)\r\n# updatedAt\t\t\tlastmod\r\n#    -\t\t\t\texpire\t\t('Never')\r\n\r\n# 1PW exchange files are made of single lines of JSON (O_o)\r\n# interleaved with separators that start '**'\r\nwhile (<>) {\r\n    next if (\/^\\*\\*\/);    # skip separator\r\n    my $rec = decode_json($_);\r\n\r\n    # throw out records we don't want:\r\n    #  - 'trashed' entries\r\n    #  -  system.sync.Point entries\r\n    next if ( exists( $rec->{'trashed'} ) );\r\n    next if ( $rec->{'typeName'} eq 'system.sync.Point' );\r\n\r\n    print '  <entry>', "\\n";    # begin entry\r\n\r\n    ################\r\n    # title field\r\n    print '   <title>', xq( $rec->{'title'} ), '<\/title>', "\\n";\r\n\r\n    ################\r\n    # username field - can be in one of two places\r\n    my $username = '';\r\n\r\n    # 1. check secureContents as array\r\n    foreach ( @{ $rec->{'secureContents'}->{'fields'} } ) {\r\n        if (\r\n            (\r\n                exists( $_->{'designation'} )\r\n                && ( $_->{'designation'} eq 'username' )\r\n            )\r\n          )\r\n        {\r\n            $username = $_->{'value'};\r\n        }\r\n    }\r\n\r\n    # 2.  check secureContents as scalar\r\n    if ( $username eq '' ) {\r\n        $username = $rec->{'secureContents'}->{'username'}\r\n          if ( exists( $rec->{'secureContents'}->{'username'} ) );\r\n    }\r\n\r\n    print '   <username>', xq($username), '<\/username>', "\\n";\r\n\r\n    ################\r\n    # password field - as username\r\n    my $password = '';\r\n\r\n    # 1. check secureContents as array\r\n    foreach ( @{ $rec->{'secureContents'}->{'fields'} } ) {\r\n        if (\r\n            (\r\n                exists( $_->{'designation'} )\r\n                && ( $_->{'designation'} eq 'password' )\r\n            )\r\n          )\r\n        {\r\n            $password = $_->{'value'};\r\n        }\r\n    }\r\n\r\n    # 2.  check secureContents as scalar\r\n    if ( $password eq '' ) {\r\n        $password = $rec->{'secureContents'}->{'password'}\r\n          if ( exists( $rec->{'secureContents'}->{'password'} ) );\r\n    }\r\n\r\n    print '   <password>', xq($password), '<\/password>', "\\n";\r\n\r\n    ################\r\n    # url field\r\n    print '   <url>', xq( $rec->{'location'} ), '<\/url>', "\\n";\r\n\r\n    ################\r\n    # comment field\r\n    my $comment = '';\r\n    $comment = $rec->{'secureContents'}->{'notesPlain'}\r\n      if ( exists( $rec->{'secureContents'}->{'notesPlain'} ) );\r\n    $comment = xq($comment);    # pre-quote\r\n    $comment =~ s,\\\\n,<br\/>,g;  # replace escaped NL with HTML\r\n    $comment =~ s,\\n,<br\/>,mg;  # replace NL with HTML\r\n    print '   <comment>', $comment, '<\/comment>', "\\n";\r\n\r\n    ################\r\n    # icon field (placeholder)\r\n    print '   <icon>2<\/icon>', "\\n";\r\n\r\n    ################\r\n    # creation field\r\n    my $creation = localtime( $rec->{'createdAt'} );\r\n    print '   <creation>', $creation->datetime, '<\/creation>', "\\n";\r\n\r\n    ################\r\n    # lastaccess field\r\n    my $lastaccess = localtime( $rec->{'updatedAt'} );\r\n    print '   <lastaccess>', $lastaccess->datetime, '<\/lastaccess>', "\\n";\r\n\r\n    ################\r\n    # lastmod field (= lastaccess)\r\n    print '   <lastmod>', $lastaccess->datetime, '<\/lastmod>', "\\n";\r\n\r\n    ################\r\n    # expire field (placeholder)\r\n    print '   <expire>Never<\/expire>', "\\n";\r\n\r\n    print '  <\/entry>', "\\n";    # end entry\r\n}\r\n\r\n# print xml footer\r\nprint <<FOOTER;\r\n <\/group>\r\n<\/database>\r\nFOOTER\r\n\r\nexit;\r\n\r\nsub xq {                         # encode string for XML\r\n    $_ = shift;\r\n    return encode_entities( $_, q\/<>&"'\/ );\r\n}\r\n<\/pre>\n
To run it,<\/p>\n
.\/1pw2kpxxml.pl data.1pif > data.xml<\/pre>\n
You can then import data.xml into KeePassX.<\/p>\n
Please be careful to delete the 1PIF file and the data.xml once you’ve finished the export\/import. These files contain all of your passwords in plain text; if they fell into the wrong hands, it would be a disaster for your online identity. Be careful that none of these files accidentally slip onto backups, too. Also note that, while I think I’m quite a trustworthy bloke, to you, I’m Some Random Guy On The Internet<\/strong><\/em>. Check this code accordingly; I don’t warrant it for anything save for looking like line noise.<\/p>\n
Now on github: scruss \/ 1pw2kpxxml<\/a>, or download: 1pw2kpxxml.zip<\/a> (gpg signature: 1pw2kpxxml.zip.sig<\/a>)<\/p>\n
SHA1 Checksums:<\/p>\n