Importing Entries

Password Safe allows you to import password information from other formats. These files may be generated by other applications, exported from a spreadsheet, or even written by hand using Notepad or a similar text editor.

The formats that Password Safe supports are:

Password Safe generates a report at the end of the import operation, summarizing what was done and noting any problems that may have occurred. This report may be copied to the clipboard or saved to disk as a text file in the same directory as the database. The "View → Reports" menu item may then be used to view the reports at a later date. The name of the report file is fixed and depends on the function that created it. If the same function is repeated and its report saved to disk, any existing report for this function will be overwritten. Note: The report may contain sensitive data and care should be taken when selecting the "save to disk" option.

Note: You can also 'import' a subset of entries from another Password Safe database, by opening the other database with Password Safe (assuming you permit multiple instances via "Manage → Options → System" tab). Then you can simply drag and drop any entries or groups to your open database from this 'import' database.

Text Format

Text files used to import password entries consist of one or more password entries. Each field within an entry is separated by a field separator and each entry may consist of one or more lines. Details on the expected format of the imported text file may be found in the "Plain Text Export & Import Format" section.

Import Text Settings Dialog

The field separator used in the text file being imported and a default group name to import the new entries into can be configured before processing the file.

Import Text Settings

  1. "File → Import From...."
  2. Select Plain Text...
  3. Set import settings and parameters for the text file being imported
  4. If a Notes field multi-line delimiter character has been used, either in a previous Export or using a text editor, enter it here so that, during the Import process, the Notes field will be split into multiple lines by replacing this character by a newline.
  5. Click OK
  6. Select the text file to import.
  7. At the end of the import process, a small dialog box appears showing how many entries were added, and how many (if any) were unsuccessfully parsed.

IMPORTANT: If an entry that uses a Password Policy Name is imported and that name is not already in the current receiving database, then the resulting entry in the database will revert to using the database's default Password Policy.

IMPORTANT: The first line of the file being imported must be a tab-separated list of the names of the fields that each entry contains, e.g., "Group/Title Username Password URL", etc. This line is generated automatically by the "Export Text" function, but must be added manually for files created from other tools.

XML

XML (eXtensible Markup Language) is a popular format for transferring data between applications. Password Safe can import XML files that were generated according to the schema defined in the file pwsafe.xsd, which is provided as part of the distribution.

When importing XML into an empty database, any database preferences in the beginning of the XML input file will be imported into the database. If the current receiving database already has entries, then these preferences will be ignored.

However, any "Password Policy Names" in the XML input file will be imported irrespective of whether there are entries already in the current receiving database. Note however, if a Password Policy with the same name already exists in the database, it will not be overwritten by the values in the XML input file.

If an entry that uses a Password Policy Name is imported and that name is neither in the current receiving database nor in XML input file, then the resulting entry in the database will revert to using the database's default Password Policy.

Change of the coding of XML Date/time values

Prior to PasswordSafe V3.26, date time fields were exported in our own format:

  <name>
    <date>yyyy-mm-dd</date>
    <time>hh:mm:ss</time>
  </name>

Where "name" was any of our record date/time fields e.g. 'ctime', 'atime', 'xtime', 'pmtime', 'rmtime' and the password history 'changed' date/time.

However, from V3.26 onwards, PasswordSafe will only export XML date/time fields using the International W3C Standard date/time format. V3.26 and V3.27 can input either format but for versions after 3.27, it will only accept the W3C standard.

The W3C standard for XML date/time fields is:

  <namex>yyyy-mm-ddThh:mm:ss</namex>

Where we have changed the "name" to distinguish the fields from the old format by appending an 'x' and so 'namex' is any of our new record date/time fields e.g. 'ctimex', 'atimex', 'xtimex', 'pmtimex', 'rmtimex' and the password history 'changedx' date/time.

To import an older format XML file with date/time fields, you must manually edit these fields to convert to the old PasswordSafe format to the W3C standard format.

KeePass V1 TXT and CSV Files

The recommended import of KeePass V1 database entries is via XML as described below.

TXT File

You may also import a TXT file exported from Keepass V1 (tested on files created by V1.19b).

The following fields are converted to the Password Safe equivalents:

Each new entry starts with a line beginning with '[' and ending with as ']'. The text between these will be imported as the 'Title' of this entry.

Each piece of information is on one line and the following tags are at the beginning of each line:

The following fields are currently ignored:

Note that times in Password Safe must be earlier than January 19, 2038. Any time later than this is currently treated as invalid and the associated field is unset.

Please note, you MUST check the box "Encode/replace newline characters by '\n'" during the export from Keepass V1 or the import may fail or give unexpected results.

CSV File

You may also import a CSV (Comma Separated Values) file exported from Keepass V1 (tested on files created by V1.19b).

The following fields are converted to the Password Safe equivalents:

The following fields are currently ignored:

Note that times in Password Safe must be earlier than January 19, 2038. Any time later than this is currently treated as invalid and that the associated field is unset.

Please note, you MUST check the box "Encode/replace newline characters by '\n'" during the export from Keepass V1 or the import may fail or give unexpected results.

KeePass V2 via KeePass V1 CSV Files

The recommended import of KeePass V2 database entries is via XML as described below.

Password Safe cannot import any file created by KeePass V2 - even the KeePass V1 CSV format available from this program. However, it is possible to export a KeePass V2 database as a KeePass V1 database. You may then export this to either a TXT or CSV file and imported as described above.

KeePass V1 and V2 XML Files

Password Safe cannot directly import a XML file exported by KeePass V1 or V2 as the fields are too different. However, we have provided XSL Transform files (KPV1_to_PWS.xslt and KPV2_to_PWS.xslt). The programs listed below may be used to process the exported XML file with one of these XSLT files to produce a Password Safe compatible XML file that can then be imported to Password Safe V3.26 or later.

The XSLT files conform to V1.0 of XSLT as described in http://www.w3.org/TR/xslt and have been tested with XML files created by KeePass V1.19b and KeePass V2.15.

Note that times in Password Safe must be earlier than January 19, 2038. Any time later than this is currently treated as invalid and that the associated field is unset.

Under Windows, the following XSLT processors support the supplied XSL Transform files. The example command line execution of these processors assume:

  1. The command line program from Microsoft (XSLT Processor Version 4.0). The properties of the file msxsl.exe state that it is V1.1.0.1 and dated 2001, although the web site states that it is V2.0 and dated 19 September 2004. It can currently be found at http://www.microsoft.com/downloads. It requires Microsoft Core XML Services (MSXML) V4.0 to be installed. Whilst the latest MSXML version is V6, V4 is normally installed on all versions of Windows supported by Password Safe.

    For KeePass V1 XML file use the command:

    msxsl KeePassV1.xml KPV1_to_PWS.xslt -o PWS.xml
    
    For KeePass V2 XML file use the command:
    msxsl KeePassV2.xml KPV2_to_PWS.xslt -o PWS.xml
    
  2. AltovaXML Community Edition (current version 2011r3). See http://www.altova.com/altovaxml.html.

    For KeePass V1 XML file use the command:

    AltovaXML -xslt1 KPV1_to_PWS.xslt -in KeePassV1.xml -out PWS.xml
    
    For KeePass V2 XML file use the command:
    AltovaXML -xslt1 KPV2_to_PWS.xslt -in KeePassV2.xml -out PWS.xml
    
  3. Saxon-HE (Home Edition) (current version 9.3.0.5). See http://saxon.sourceforge.net/. There is also a graphical front-end for Saxon called Kernow. See http://kernowforsaxon.sourceforge.net/. The format of the command depends on whether you use the Java or .Net version of Saxon-HE and/or Kernow. Please refer to the product's documentation for further information.

All these programs are free, although Kernow needs to be registered if used more than 100 times.

KeePass V1 XML Special Processing

KeePass V1 XML Elements Password Safe XML Element Equivalent
<group><group>
<title><title>
<username><username>
<password><password>
<url><url>
<notes><notes>
<lastmodtime><pmtimex> and <rmtimex>
<creationtime><ctimex>
<lastaccesstime><atimex>
<expiretime><xtimex>, if the KeePass <expiretime> attribute "expires" is 'true'
<image>
<attachdesc>
<attachment>

These have no Password Safe equivalent and are ignored

KeePass V2 XML Special Processing

KeePass V2 exports all strings, e.g. Title, in a "String" section with "Key" and "Value" sub-elements. For example:

<String>
	<Key>Title</Key>
	<Value>Test title</Value>
</String>

The following table shows the conversion of these to the Password Save equivalent XML element.

KeePass V2 String Keys Password Safe Entry XML Element Equivalent
Title<title>
Username<username>
Password<password>
URL<url> or <runcommand>
depending on the prefix (see notes above)
Notes<notes>
All othersInserted into the Password Safe Notes field in the form:
"Key: Value"

KeePass V2 exports all date/time fields, e.g. creation time, in a "Times" section. For example:

<Times>
  <LastModificationTime>2011-05-30T14:20:57Z</LastModificationTime>
  <CreationTime>2011-05-27T18:09:29Z</CreationTime>
  <LastAccessTime>2011-05-30T14:20:57Z</LastAccessTime>
  <ExpiryTime>2999-12-28T23:59:59Z</ExpiryTime>
  <Expires>False</Expires>
</Times>

The following table shows the conversion of these to the Password Save equivalent XML element.

KeePass V2 Time Values Password Safe Entry XML Element Equivalent
<Times>/<LastModificationTime><pmtimex> and <rmtimex>
<Times>/<CreationTime><ctimex>
<Times>/<LastAccessTime><atimex>
<Times>/<ExpiryTime><xtimex> if <Times>/<Expires> is 'True'

KeePass V2 can create an history section when anything is changed in an entry. Password Safe only saves password changes. All other saved changed fields in the KeePass XML element are ignored.

KeePass V2 History Password Safe Entry XML Element Equivalent
<Times>/<LastModificationTime><history_entry>/<changedx>
<String[Key='Password']><history_entry>/<oldpassword>
All other tags from <History>Ignored

The following KeePass V2 Auto-type special codes (see http://keepass.info/help/base/autotype.html) are translated as follows. All codes not listed are copied across as-is.

KeePass V2 Auto-type Password Safe Equivalent
\\\ (escaping '\')
Tab {TAB}\t
Enter {ENTER} or ~\n
Backspace {BACKSPACE}, {BS} or {BKSP}\b
Keypad + {ADD}+
Keypad - {SUBTRACT}-
Keypad * {MULTIPLY}*
Keypad / {DIVIDE}/
+ {+}+
^ {^}^
% {%}%
~ {~}~
(, ) {(}, {)}(, )
{DELAY X} Delays X milliseconds.\wX (\WX)
{DELAY=X} Sets the default delay to X milliseconds for all standard keypresses in this sequence.\dX

The following KeePass V2 Placeholders (see http://keepass.info/help/base/placeholders.html) are translated as follows. All codes not listed are copied across as-is.

Placeholders are case-insensitive. Custom strings can be referenced using {S:Name}. For example, if the database has a custom string named "eMail", it can be referenced via the placeholder {S:eMail}.

KeePass V2 Placeholder Password Safe AutoType Password Safe Run Command
{GROUP}\g${G}
{TITLE}\i${t}
{USERNAME}\u${u}
{PASSWORD}\p${p}
{NOTES}\o${n}

KeePass V2 Placeholder Password Safe Run Command
\{\\{ (escaping \)
$\$ (escaping $)
{GROUPPATH}${g}
{URL}${url}
{URL:RMVSCM}${url}
{APPDIR}${appdir}
{DB_PATH}${fulldb}
{DB_DIR}${dbdir}
{DB_NAME}${dbname}.${dbextn}
{DB_BASENAME}${dbname}
{DB_EXT}${dbextn}
All othersCopied unchanged