File Attachments

May 2, 2014 at 11:11 PM
I am hoping to store photos of my driver's license and vehicle registration inside Keepass2Android. If I store them as file attachments to an entry, I have a few questions:

1) Are they stored and encrypted as part of the Keepass database? Or are they stored unencrypted in a user-defined directory in "Settings>File Handling>File Attachments Directory"?

2) When I attempt to open them in an entry, I am given options of "Save to cache and open" and "Save to SD card". Is this only to view them, as I assume Keepass2Android has no native viewer? I am concerned that when I open to view them and they are copied to either cache or SD card, they will be visible to others.

3) I suppose this question is dependent upon question #1, but when I copy the Keepass2Android file to my Windows desktop, will these file attachments be available to Keepass running under Windows?

May 4, 2014 at 11:53 AM
1.) They are stored in the kdbx. The File Attachments Directory is only used if you choose "Save to SD card".

2.) If you save the file to SD card, it will obviously be visible to all other apps with read permissions on your SD card. The cache, however, is protected. No app will be able to access it (except the one you choose to handle the file). Note, also, that on rooted phones, apps with root permissions might access the file.

3.) Yes

May 4, 2014 at 4:39 PM
If I elect to "Save to cache and open", I would like to clear the cache after opening and viewing a file attachment. Is there a way to clear the cache from within Keepass2Android itself, or do I have to manually clear it through the stock Android Application Manager?

May 6, 2014 at 9:00 AM
Very early on I added a feature request for this, but this didn't receive any attention, so I haven't implemented it up to now. Please note that clearing the complete cache unfortunately also clears any cached databases (if you use this feature).

May 6, 2014 at 4:16 PM
As I use the offline version of Keepass2Android, I have no problem clearing the cache. I would prefer to have it done automatically via a setting from your program; however, I can set up a settings shortcut to quickly clear it after exiting Keepass2Android. I just need to remember to do it! This seems to be the one potentially unsecure area of Keepass2Android. I cast a vote for the feature request that you linked to, so total count is now 3.

Please don't misinterpret me as complaining. I very much appreciate your willingness to share your program with the rest of us. I evaluated many different options for an Android/desktop password manager and felt Keepass on the desktop and your program for Android is the best, most secure option. Thanks again for all you've done!

May 11, 2014 at 6:21 PM
I saw that my statement was incorrect: this issue was fixed long ago, but that is not reflected here on CodePlex. There is no option. As soon as you see the entry view, the cache has already been cleared.

May 12, 2014 at 10:59 PM
I am understanding your last statement to mean that the cache is automatically cleared; however, whenever I open and close a file attachment, close the database, and open up Application Manager, there is from 8KB-28KB of data in the cache. If I don't open a file, there is no data in the cache.

May 13, 2014 at 4:21 AM
True, it's the same on my device. The only explanation I have is that in this process a subdirectory in the cache is created which might occupy some space on its own (or at least have reserved some small amount of memory). If you use a big file, you see that its content is definitely deleted.