Skip to content

Add KeePassPasskey AAGUID#94

Merged
timcappalli merged 1 commit into
passkeydeveloper:mainfrom
yusei36:add-keepasspasskey-aaguid
May 18, 2026
Merged

Add KeePassPasskey AAGUID#94
timcappalli merged 1 commit into
passkeydeveloper:mainfrom
yusei36:add-keepasspasskey-aaguid

Conversation

@yusei36

@yusei36 yusei36 commented May 13, 2026

Copy link
Copy Markdown
Contributor

@yusei36 yusei36 requested a review from timcappalli as a code owner May 13, 2026 20:22
@timcappalli

Copy link
Copy Markdown
Member

Hi! KeePassPasskey seems to be a plugin for existing KeePass instances . If that's the case, this shouldn't have its own AAGUID. The credential manager is still KeePass.

inside your KeePass Plugins folder (e.g. C:\Program Files\KeePass Password Safe 2\Plugins\KeePassPasskeyPlugin) and (re)start KeePass.

@yusei36

yusei36 commented May 14, 2026

Copy link
Copy Markdown
Contributor Author

Thanks for raising this! Having its own AAGUID is intentional, and here is my reasoning.

KeePassPasskey has its own AAGUID because it registers itself with the Windows native passkey API as a distinct authenticator under that AAGUID, which is what identifies the implementation that created the credential. While it is hosted as a KeePass plugin and stores credentials in a KeePass database (the same format as KeePassXC and KeePassDX, which also have their own AAGUIDs), the authenticator itself is KeePassPasskey, not KeePass.

Other KeePass-based projects follow the same pattern. For example, keepass-macpass-helper also defines its own AAGUID. This makes sense: each plugin is an independent implementation with potentially different algorithm support, storage behavior, and capabilities. Sharing an AAGUID across unrelated implementations would be incorrect, as the AAGUID is meant to identify a specific authenticator, not a family of storage formats.

The project also deliberately uses its own icon rather than the official KeePass icon to avoid impersonating the official KeePass project, and the name follows the well-established KeePass plugin naming convention. Even though Dominik Reichl has indicated no current intent to add native passkey support, if that ever changes, an official KeePass implementation would be a separate authenticator with its own AAGUID, which is another reason why each independent implementation should have its own.

@timcappalli timcappalli merged commit b15c859 into passkeydeveloper:main May 18, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants