KeePass Merge

I use KeePass to track hundreds of passwords, securely.

I also use Replicator to synchronize the files between my USB flash drive, home and work PCs. Sometimes it gets confused, mostly when I make changes at both ends. Replicator realizes this and stops. It creates a copy of the file, renames it password~1.kdb and replicates the two copies.

How to tell what changed? Cool tools like WinMerge only detect differences of binary files, not what changed. Especially for an encrypted file.

I export each file to an xml file, say password.kdb.xml and password~1.kdb.xml. I uncheck the top two – encode \n and eliminate backup items. Who cares? I include all fields below.

WARNING: these files now have ALL your passwords in cleartext. DELETE them when done — preferably a DOD delete.

Each record has a GUID — so no matter what change you make to the record, the GUID remains the same. So the way to check is to sort the XML by GUID and then compare the two with a diff tool.

I wrote an XSL stylesheet to sort them:

<xsl:stylesheet xmlns:xsl="" version="1.0">
  <xsl:template match="pwlist">
      <xsl:sort select="uuid"/>
  <xsl:template match="*">

I use the msxsl transformer cuz its easy on windows. Use your own, or send me a script for cygwin tools.

iconv is required to convert the output of the XSL transform from UTF-8 into ISO-8859-1 or else bad things happen down the chain.

Here is the batch file to drive them:

rem take the xml output of keepass export, sort them by UUID,
rem export to new file for comparison. CLEARTEXT!!!

set ICONV_HOME=c:\Program Files\GnuWin32\bin
msxsl password~1.kdb.xml keepass-exp-sortbyguid.xsl | "%ICONV_HOME%\iconv"
  -f UTF-16 -t ISO-8859-1 | tidy -xml -i -wrap 99999 > password~1.kdb.sort.xml
msxsl password.kdb.xml keepass-exp-sortbyguid.xsl | "%ICONV_HOME%\iconv" -f UTF-16
  -t ISO-8859-1 | tidy -xml -i -wrap 99999 > password.kdb.sort.xml


Now it is trivial to compare the two with WinMerge and identify the differences -- everything lines up!

I had a problem this last time with characters that do not convert -- typographic quotes and em dashes (ala Word Auto-Correcting). If you see
09063 Flaming Moeiconv: x: cannot convert
check the line for the goofy chars.

This work is licensed under a
Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.

Creative Commons License
This entry was posted in Computers, Software and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply