Importing Entries

Password Safe allows you to import password information from other formats. These files may be generated by other applications, exported from a spreadsheet, or even written by hand using Notepad or a similar text editor.

The formats that Password Safe supports are:

• Text
• XML
• KeePass V1 TXT and CSV Files
• KeePass V2 via KeePass V1 CSV Files
• KeePass V1 and V2 XML Files

Password Safe generates a report at the end of the import operation, summarizing what was done and noting any problems that may have occurred. This report may be copied to the clipboard or saved to disk as a text file in the same directory as the database. The "View → Reports" menu item may then be used to view the reports at a later date. The name of the report file is fixed and depends on the function that created it. If the same function is repeated and its report saved to disk, any existing report for this function will be overwritten. Note: The report may contain sensitive data and care should be taken when selecting the "save to disk" option.

Note: You can also 'import' a subset of entries from another Password Safe database, by opening the other database with Password Safe (assuming you permit multiple instances via "Manage → Options → System" tab). Then you can simply drag and drop any entries or groups to your open database from this 'import' database.

Text Format

Text files used to import password entries consist of one or more password entries. Each field within an entry is separated by a field separator and each entry may consist of one or more lines. Details on the expected format of the imported text file may be found in the "Plain Text Export & Import Format" section.

Import Text Settings Dialog

The field separator used in the text file being imported and a default group name to import the new entries into can be configured before processing the file.

1. "File → Import From...."
2. Select Plain Text...
3. Set import settings and parameters for the text file being imported
4. If a Notes field multi-line delimiter character has been used, either in a previous Export or using a text editor, enter it here so that, during the Import process, the Notes field will be split into multiple lines by replacing this character by a newline.
5. Click OK
6. Select the text file to import.
7. At the end of the import process, a small dialog box appears showing how many entries were added, and how many (if any) were unsuccessfully parsed.

XML

XML (eXtensible Markup Language) is a popular format for transferring data between applications. Password Safe can import XML files that were generated according to the schema defined in the file pwsafe.xsd, which is provided as part of the distribution.

When importing XML into an empty database, any database preferences in the beginning of the XML input file will be imported into the database. If the current receiving database already has entries, then these preferences will be ignored.

However, any "Password Policy Names" in the XML input file will be imported irrespective of whether there are entries already in the current receiving database. Note however, if a Password Policy with the same name already exists in the database, it will not be overwritten by the values in the XML input file.

If an entry that uses a Password Policy Name is imported and that name is neither in the current receiving database nor in XML input file, then the resulting entry in the database will revert to using the database's default Password Policy.

Change of the coding of XML Date/time values

  <name>
    <date>yyyy-mm-dd</date>
    <time>hh:mm:ss</time>
  </name>

  <namex>yyyy-mm-ddThh:mm:ss</namex>

KeePass V1 TXT and CSV Files

The recommended import of KeePass V1 database entries is via XML as described below.

TXT File

You may also import a TXT file exported from Keepass V1 (tested on files created by V1.19b).

The following fields are converted to the Password Safe equivalents:

Each piece of information is on one line and the following tags are at the beginning of each line:

• "Group: " becomes the entry's Group
• "Group Tree: " becomes the entry's group hierarchy to the root
• "User Name: " becomes the entry's User Name
• "Password: " becomes the entry's Password
• "URL: " becomes the entry's URL
• "Notes: " becomes the entry's Notes
• "UUID: " becomes the internal unique ID of the Password Safe entry
• "Creation Time: " becomes the entry's creation time
• "Last Access: " becomes the entry's last accessed time
• "Last Modification: " becomes the entry's password and the entry's last modification time
• "Expires: " becomes the entry's expiry date

The following fields are currently ignored:

• "Icon"
• "Attachment Description"
• "Attachment" - do NOT export this field as it can make the export file extremely large.

Note that times in Password Safe must be earlier than January 19, 2038. Any time later than this is currently treated as invalid and the associated field is unset.

Please note, you MUST check the box "Encode/replace newline characters by '\n'" during the export from Keepass V1 or the import may fail or give unexpected results.

CSV File

You may also import a CSV (Comma Separated Values) file exported from Keepass V1 (tested on files created by V1.19b).

The following fields are converted to the Password Safe equivalents:

• "Password Groups" becomes the entry's Group
• "Group Tree" becomes the entry's group hierarchy to the root
• "Account" becomes the entry's Title
• "Login Name" becomes the entry's User Name
• "Password" becomes the entry's Password
• "Web Site" becomes the entry's URL
• "Comments" becomes the entry's Notes
• "UUID" becomes the internal unique ID of the Password Safe entry
• "Creation Time" becomes the entry's creation time
• "Last Access" becomes the entry's last accessed time
• "Last Modification" becomes the entry's password and the entry's last modification time
• "Expires" becomes the entry's expiry date

The following fields are currently ignored:

• "Icon"
• "Attachment Description"
• "Attachment" - do NOT export this field as it can make the export file extremely large.

Note that times in Password Safe must be earlier than January 19, 2038. Any time later than this is currently treated as invalid and that the associated field is unset.

Please note, you MUST check the box "Encode/replace newline characters by '\n'" during the export from Keepass V1 or the import may fail or give unexpected results.

KeePass V2 via KeePass V1 CSV Files

The recommended import of KeePass V2 database entries is via XML as described below.

Password Safe cannot import any file created by KeePass V2 - even the KeePass V1 CSV format available from this program. However, it is possible to export a KeePass V2 database as a KeePass V1 database. You may then export this to either a TXT or CSV file and imported as described above.

KeePass V1 and V2 XML Files

Password Safe cannot directly import a XML file exported by KeePass V1 or V2 as the fields are too different. However, we have provided XSL Transform files (KPV1_to_PWS.xslt and KPV2_to_PWS.xslt). The programs listed below may be used to process the exported XML file with one of these XSLT files to produce a Password Safe compatible XML file that can then be imported to Password Safe V3.26 or later.

The XSLT files conform to V1.0 of XSLT as described in http://www.w3.org/TR/xslt and have been tested with XML files created by KeePass V1.19b and KeePass V2.15.

Note that times in Password Safe must be earlier than January 19, 2038. Any time later than this is currently treated as invalid and that the associated field is unset.

Under Windows, the following XSLT processors support the supplied XSL Transform files. The example command line execution of these processors assume:

• The style sheet to convert the KeePass XML file to a Password Safe XML file is: KPV1_to_PWS.xslt or KPV2_to_PWS.xslt.
• The input KeePass V1 or V2 XML file is: KeePassV1.xml or KeePassV2.xml
• The output Password Safe XML file will be: PWS.xml
• All input and output files are in the same directory as the XSLT processor. If not, you will need to enter the full path of these files.

1. The command line program from Microsoft (XSLT Processor Version 4.0). The properties of the file msxsl.exe state that it is V1.1.0.1 and dated 2001, although the web site states that it is V2.0 and dated 19 September 2004. It can currently be found at http://www.microsoft.com/downloads. It requires Microsoft Core XML Services (MSXML) V4.0 to be installed. Whilst the latest MSXML version is V6, V4 is normally installed on all versions of Windows supported by Password Safe.

   For KeePass V1 XML file use the command:

   msxsl KeePassV1.xml KPV1_to_PWS.xslt -o PWS.xml
   

   For KeePass V2 XML file use the command:

   msxsl KeePassV2.xml KPV2_to_PWS.xslt -o PWS.xml
   

2. AltovaXML Community Edition (current version 2011r3). See http://www.altova.com/altovaxml.html.

   For KeePass V1 XML file use the command:

   AltovaXML -xslt1 KPV1_to_PWS.xslt -in KeePassV1.xml -out PWS.xml
   

   For KeePass V2 XML file use the command:

   AltovaXML -xslt1 KPV2_to_PWS.xslt -in KeePassV2.xml -out PWS.xml
   

3. Saxon-HE (Home Edition) (current version 9.3.0.5). See http://saxon.sourceforge.net/. There is also a graphical front-end for Saxon called Kernow. See http://kernowforsaxon.sourceforge.net/. The format of the command depends on whether you use the Java or .Net version of Saxon-HE and/or Kernow. Please refer to the product's documentation for further information.

All these programs are free, although Kernow needs to be registered if used more than 100 times.

KeePass V1 XML Special Processing

• If a KeePass group contains a dot ('.'), it is converted to a forward slash ('/') when added to Password Safe, since dots are used as group delimiters by Password Safe.
• All 'carriage return' characters are removed from the Notes field and all 'newline' characters are converted to the normal Password Safe delimiter '»' used to denote new lines within the Notes field.
• The KeePass entry's UUID will be transferred to the Password Safe entry unless it is already used within that database (which is very unlikely), in which case a new value will be calculated during import.

KeePass V2 XML Special Processing

• The '<HistoryMaxItems>' field from the '<Meta>' section of the KeePass V2 XML file is used as the maximum number of passwords to be saved in an Password Safe's entry password history. All other fields in this section are ignored.
• If a KeePass group contains a dot ('.'), it is converted to a forward slash ('/') when added to Password Safe, since dots are used as group delimiters by to Password Safe.
• All 'carriage return' characters are removed from the Notes field and all 'newline' characters are converted to the normal Password Safe delimiter '»' used to denote new lines within the Notes field.
• The KeePass entry's UUID will be transferred to the Password Safe entry unless it is already used within that database (which is very unlikely), in which case a new value will be calculated during import.
• If the '<DefaultAutoTypeSequence>' field is present within a KeePass group is used as the default Password Safe AutoType field for entries within that group.
• If an entry's '<AutoType>' field is set to 'True' and the '<DefaultSequence>' is not empty, then this is used as the Password Safe's entry's AutoType sequence. If it is 'True' but '<DefaultSequence>' is empty, then the '<DefaultAutoTypeSequence>' field from the parent group is used as the Password Safe's entry's AutoType sequence.
• If the '<OverrideURL>' field is not empty, its value is inserted into the Notes field and prefixed by "OverrideURL:" and the URL field is prefixed by "[alt]".
• If the URL string begins with "\\" or "cmd://" (case insensitive) the field is placed in the Password Safe's entry's Run Command field and Placeholder substitution is performed (see below). If neither of these prefixes appear in the URL string, it is placed in the Password Safe's entry's URL field with only {S:FieldName} substitution.
• If the '<Tags>' field is not empty, its value is inserted into the Notes field and prefixed by "Tags:".

KeePass V2 exports all strings, e.g. Title, in a "String" section with "Key" and "Value" sub-elements. For example:

<String>
	<Key>Title</Key>
	<Value>Test title</Value>
</String>

The following table shows the conversion of these to the Password Save equivalent XML element.

KeePass V2 exports all date/time fields, e.g. creation time, in a "Times" section. For example:

<Times>
  <LastModificationTime>2011-05-30T14:20:57Z</LastModificationTime>
  <CreationTime>2011-05-27T18:09:29Z</CreationTime>
  <LastAccessTime>2011-05-30T14:20:57Z</LastAccessTime>
  <ExpiryTime>2999-12-28T23:59:59Z</ExpiryTime>
  <Expires>False</Expires>
</Times>

The following table shows the conversion of these to the Password Save equivalent XML element.

KeePass V2 can create an history section when anything is changed in an entry. Password Safe only saves password changes. All other saved changed fields in the KeePass XML element are ignored.

The following KeePass V2 Auto-type special codes (see http://keepass.info/help/base/autotype.html) are translated as follows. All codes not listed are copied across as-is.

The following KeePass V2 Placeholders (see http://keepass.info/help/base/placeholders.html) are translated as follows. All codes not listed are copied across as-is.

Placeholders are case-insensitive. Custom strings can be referenced using {S:Name}. For example, if the database has a custom string named "eMail", it can be referenced via the placeholder {S:eMail}.