KeePass 2.x Plugins About installation, uninstallation and security of KeePass plugins.

KeePass features a plugin framework. Plugins can provide additional functionality, like support of more file formats for import/export, network functionalities, backup features, etc.

  Online Resources

You can download the latest KeePass plugins (and their source code) from http://keepass.info/plugins.html.

  Plugin Installation / Uninstallation

To install a plugin, follow these steps:

1. Download the plugin from the page above and unpack the ZIP file to a directory of your choice.
2. Copy the unpacked plugin files into the KeePass directory (where the KeePass.exe is) or a subdirectory of it.
3. Restart KeePass in order to load the new plugin.

In other words, to "install" a plugin you simply need to copy it somewhere into the KeePass directory, that's all.

To "uninstall" a plugin, delete the plugin files.

  Plugin Security

What about the security of plugins? Can't malicious spyware plugins 'inject' themselves into KeePass?

If plugins can register themselves (i.e. have write access to the KeePass directory), they could also just replace the whole KeePass.exe. It's rather a problem of the file system security, not the plugin system.

If you worry about this, you can do the following:

1. Install KeePass as administrator.
2. Write-protect the KeePass directory. Nobody must have write access.
3. Log on as normal user (with no administrator privileges).

This will solve the problem above. Since the KeePass directory is write-protected, no other program can copy files into it. KeePass requires the plugins to be in the application directory. Therefore, plugins cannot inject themselves anymore.