Fix cross-database reference resolution to handle unresolvable references correctly

Co-authored-by: droidmonkey <2809491+droidmonkey@users.noreply.github.com>

.github/CONTRIBUTING.md

@@ -15,6 +15,7 @@ These are just guidelines, not rules. Use your best judgment, and feel free to p
   * [Bug reports](#bug-reports)
   * [Discuss with the team](#discuss-with-the-team)
   * [Your first code contribution](#your-first-code-contribution)
+  * [Using AI](#using-ai)
   * [Pull requests](#pull-requests)
   * [Translations](#translations)
 
@@ -74,6 +75,10 @@ Unsure where to begin contributing to KeePassXC? You can start by looking throug
 
 Both issue lists are sorted by total number of comments. While not perfect, looking at the number of comments on an issue can give a general idea of how much an impact a given change will have.
 
+### Using AI
+
+Generative AI is fast becoming a first-party feature in most development environments, including GitHub itself. If you use Generative AI to write the vast majority of your submission (e.g., agent-based or vibe coding) then you **must document your use of AI** in your pull request. Please include the service you used and/or model that generated the code. All code submissions go through a rigourous review process regardless of the development workflow used.
+
 ### Pull requests
 
 Along with our desire to hear your feedback and suggestions, we're also interested in accepting direct assistance in the form of code.

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,12 +1,13 @@
-[NOTE]: # ( Describe your changes in detail, why is this change required? )
-[NOTE]: # ( Explain large or complex code modifications. )
+[NOTE]: # ( Describe your changes in detail. Explain large or complex code modifications. )
 [NOTE]: # ( If it fixes an open issue, please add "Fixes #XXX". )
+[NOTE]: # ( If you used Generative AI to write the majority of your code, you must state this. )
 
 
 ## Screenshots
 [NOTE]: # ( Do not include screenshots of your actual database! )
 [TIP]:  # ( Use View -> Allow Screen Capture )
 
+
 ## Testing strategy
 [NOTE]: # ( Please describe in detail how you tested your changes. )
 [TIP]:  # ( We expect new code to be covered by unit tests and include helpful comments. )

.github/copilot-instructions.md

@@ -0,0 +1,38 @@
+This is a C++ based repository that uses Qt5 as a primary support and GUI library. This repository is for a password manager application that stores passwords 
+and other highly sensitive information. The data format that passwords are stored is called KDBX which is a mixed binary and XML format that is fully encrypted 
+at rest. This format is unpacked into a series of data structures: Database, Groups, and Entries. Please follow these guidelines when contributing:
+
+## Code Standards
+
+### Required Before Each Commit
+- Run `cmake --build . --target format` before committing any changes to ensure proper code formatting
+- This will run clang-format to ensure all code conforms to the style guide
+- From the checkout directory, also run `./release-tool i18n lupdate` to update translation files
+
+### Development Flow
+- Setup Build Folder: `mkdir build; cd build`
+- Configure: `cmake -G Ninja -DWITH_XC_ALL=ON -DWITH_GUI_TESTS=ON ..`
+- Build: `cmake --build . -- -j $(nproc)`
+- Test: `ctest`
+
+## Repository Structure
+- `docs/topics`: Documentation written in asciidoctor syntax
+- `src/`: Main source code files are under this subdirectory
+- `src/autotype`: Code that emulates a virtual keyboard to type into interfaces
+- `src/browser`: Interface with the KeePassXC Browser Extension using a JSON-based protocol
+- `src/cli`: Command Line Interface code
+- `src/core`: Contains files that define the data model and other shared code structures
+- `src/format`: Code for import/export and reading/writing of KDBX databases
+- `src/fdosecrets`: freedesktop.org Secret Service interface code
+- `src/quickunlock`: Quick unlock interfaces for various platforms
+- `src/sshagent`: SSH Agent interface code to load private keys from the database into ssh-agent
+- `tests/`: Test source code files
+- `tests/gui`: GUI test source code files
+
+## Key Guidelines
+1. Follow C++20 and Qt5 best practices and idiomatic patterns
+2. Maintain existing code structure and organization
+3. Prefer not to edit cryptographic handling code or other sensitive parts of the code base
+4. Write unit tests for new functionality using QTest scaffolding
+5. Suggest changes to the `docs/topics` folder when appropriate
+6. Unless the change is simple, don't actually make edits to .ui files, just suggest the changes needed

.github/workflows/copilot-setup-steps.yml

@@ -0,0 +1,29 @@
+name: "Copilot Setup Steps"
+
+# Setup the environment for Copilot agents to run in
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - .github/workflows/copilot-setup-steps.yml
+  pull_request:
+    paths:
+      - .github/workflows/copilot-setup-steps.yml
+
+jobs:
+  copilot-setup-steps:
+    runs-on: ubuntu-latest
+
+    # Needed to clone the repository
+    permissions:
+      contents: read
+
+    # Install dependencies
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          sudo apt update
+          sudo apt install --no-install-recommends build-essential cmake g++ ninja-build qtbase5-dev qtbase5-private-dev qttools5-dev qttools5-dev-tools libqt5svg5-dev libargon2-dev libkeyutils-dev libminizip-dev libbotan-2-dev libqrencode-dev zlib1g-dev asciidoctor libreadline-dev libpcsclite-dev libusb-1.0-0-dev libxi-dev libxtst-dev libqt5x11extras5-dev

README.md

@@ -56,6 +56,10 @@ You may directly contribute your own code by submitting a pull request. Please r
 
 Contributors are required to adhere to the project's [Code of Conduct](CODE-OF-CONDUCT.md).
 
+## Generative AI
+
+Generative AI is fast becoming a first-party feature in most development environments, including GitHub itself. If the majority of a code submission is made using Generative AI (e.g., agent-based or vibe coding) then **we will document that in the pull request.** All code submissions go through a rigourous review process regardless of the development workflow or submitter.
+
 ## License
 
 KeePassXC code is licensed under GPL-2 or GPL-3. Additional licensing for third-party files is detailed in [COPYING](./COPYING).

docs/GettingStarted.adoc

@@ -7,6 +7,7 @@ KeePassXC Team <team@keepassxc.org>
 :imagesdir: images
 :stylesheet: styles/dark.css
 :toc: left
+:experimental:
 ifdef::backend-pdf[]
 :title-page:
 :title-logo-image: {imagesdir}/kpxc_logo.png

docs/UserGuide.adoc

@@ -7,6 +7,7 @@ KeePassXC Team <team@keepassxc.org>
 :stylesheet: styles/dark.css
 :toc: left
 :sectanchors:
+:experimental:
 ifdef::backend-pdf[]
 :title-page:
 :title-logo-image: {imagesdir}/kpxc_logo.png

docs/man/keepassxc-cli.1.adoc

@@ -52,12 +52,11 @@ It provides the ability to query and modify the entries of a KeePass database, d
   Removes the named attachment from an entry.
 
 *clip* [_options_] <__database__> <__entry__> [_timeout_]::
-  Copies an attribute, current TOTP value, UUID, or tags list of a database entry to the clipboard.
+  Copies an attribute or the current TOTP (if the *-t* option is specified) of a database entry to the clipboard.
   If no attribute name is specified using the *-a* option, the password is copied.
   If multiple entries with the same name exist in different groups, only the attribute for the first one is copied.
   For copying the attribute of an entry in a specific group, the group path to the entry should be specified as well, instead of just the name.
   Optionally, a timeout in seconds can be specified to automatically clear the clipboard, the default timeout is 10 seconds, set to 0 to disable.
-  Note: an error will be thrown if you specify multiple options at once (eg, *--uuid* and *-a*).
 
 *close*::
   In interactive mode, closes the currently opened database (see *open*).
@@ -144,8 +143,8 @@ It provides the ability to query and modify the entries of a KeePass database, d
   Searches all entries that match a specific search term in a database.
 
 *show* [_options_] <__database__> <__entry__>::
-  Shows the title, username, password, URL and notes of a database entry by default.
-  Can also show the current TOTP, entry UUID, and tags list.
+  Shows the title, username, password, URL and notes of a database entry.
+  Can also show the current TOTP.
   Regarding the occurrence of multiple entries with the same name in different groups, everything stated in the *clip* command section also applies here.
 
 == OPTIONS
@@ -236,12 +235,6 @@ The same password generation options as documented for the generate command can
   Copies the current TOTP instead of the specified attribute to the clipboard.
   Will report an error if no TOTP is configured for the entry.
 
-*--uuid*::
-  Copies the UUID of the entry to the clipboard.
-
-*--tags*::
-  Copies the tags of the entry to the clipboard.
-
 *-b*, *--best*::
   Try to find and copy to clipboard a unique entry matching the input
   If a unique matching entry is found it will be copied to the clipboard.
@@ -269,6 +262,7 @@ The same password generation options as documented for the generate command can
 *-a*, *--attributes* <__attribute__>...::
   Shows the named attributes.
   This option can be specified more than once, with each attribute shown one-per-line in the given order.
+  If no attributes are specified and *-t* is not specified, a summary of the default attributes is given.
   Protected attributes will be displayed in clear text if specified explicitly by this option.
 
 *--all*::
@@ -281,13 +275,7 @@ The same password generation options as documented for the generate command can
   Shows the attachment names along with the size of the attachments.
 
 *-t*, *--totp*::
-  Shows the current TOTP and then exits. An error is thrown if no TOTP is configured for the entry.
-
-*--uuid*::
-  Shows the UUID of the entry.
-
-*--tags*::
-  Shows the tag list of the entry.
+  Also shows the current TOTP, reporting an error if no TOTP is configured for the entry.
 
 === Diceware options
 *-W*, *--words* <__count__>::

docs/topics/.sharedheader

@@ -4,3 +4,4 @@ KeePassXC Team <team@keepassxc.org>
 :stylesheet: ../styles/dark.css
 :icons: font
 :toc: left
+:experimental:

docs/topics/AutoType.adoc

@@ -24,13 +24,13 @@ You can also set the time to remember the last used entry between presses of the
 === Configure Auto-Type Sequences
 Each entry in your database can have multiple Auto-Type sequences associated with various window titles. Simulated key presses can be sent to any other currently open window of your choice (web browser windows, login dialogs boxes, and so on). When the Global Auto-Type hotkey is pressed, KeePassXC will search your database for entries matching the current selected window title.
 
-NOTE: The default Auto-Type sequence is `{USERNAME}{TAB}{PASSWORD}{ENTER}`. This means that it first types the username of the selected entry, then presses the `Tab` key, then types the password of the entry and finally presses the `Enter` key.
+NOTE: The default Auto-Type sequence is `{USERNAME}{TAB}{PASSWORD}{ENTER}`. This means that it first types the username of the selected entry, then presses the kbd:[Tab] key, then types the password of the entry and finally presses the kbd:[Enter] key.
 
 TIP: To change the default Auto-Type sequence for all entries of your database, edit the root (top-most) group of your database and set a specific sequence. Child groups and entries will inherit this sequence by default.
 
 To configure Auto-Type sequences for your entries, perform the following steps:
 
-1.	Navigate to the entries list and open the desired entry for editing. Click the _Auto-Type_ item from the left-hand menu bar *(1)*. Press the `+` button *(2)* to add a new sequence entry. Select the desired window using the drop-down menu, or simply type a window title in the box *(3)*.
+1.	Navigate to the entries list and open the desired entry for editing. Click the _Auto-Type_ item from the left-hand menu bar *(1)*. Press the kbd:[+] button *(2)* to add a new sequence entry. Select the desired window using the drop-down menu, or simply type a window title in the box *(3)*.
 +
 TIP: You can use an asterisk (`\*`) to match any value (e.g., when a window title contains a dynamic filename or website name). Set the window title to `*` to match all windows. Leave the window title blank to offer additional default Auto-Type sequences, such as custom attributes.
 +
@@ -60,7 +60,7 @@ image::autotype_entry_sequences.png[]
 |Press the corresponding keyboard key
 
 |{UP}, {DOWN}, {LEFT}, {RIGHT}  |Press the corresponding arrow key
-|{LEFTBRACE}, {RIGHTBRACE}      |Press `{` or `}`, respectively
+|{LEFTBRACE}, {RIGHTBRACE}      |Press kbd:[{] or kbd:[}], respectively
 |{<KEY> X}     |Repeat <KEY> X times (e.g., {SPACE 5} inserts five spaces)
 |{DELAY=X}     |Set delay between key presses to X milliseconds
 |{DELAY X}     |Pause typing for X milliseconds
@@ -89,7 +89,7 @@ When you press the global Auto-Type hotkey, KeePassXC searches all unlocked data
 .Auto-Type sequence selection
 image::autotype_selection_dialog.png[,70%]
 
-Perform the selected Auto-Type sequence by double clicking the desired row or pressing _Enter_. Press the up and down arrows to navigate the list. Sequences can be filtered through the text edit field.
+Perform the selected Auto-Type sequence by double clicking the desired row or pressing kbd:[Enter]. Press the up and down arrows to navigate the list. Sequences can be filtered through the text edit field.
 
 .Auto-Type search database
 image::autotype_selection_dialog_search.png[,70%]
@@ -104,7 +104,7 @@ The option to type just the username, password, or current TOTP value is availab
 TIP: On Windows, you will see an option to use a virtual keyboard in this sub-menu. This is an experimental feature that allows you to type into virtual machines by simulating actual keyboard presses. Some international keyboards may be unsupported due to limitations in the Windows API.
 
 === Performing Entry-Level Auto-Type
-You can quickly activate the default Auto-Type sequence for a particular entry using Entry-Level Auto-Type. For this operation, the KeePassXC window will be minimized and the Auto-Type sequence occurs in the previously selected window. You can perform Entry-Level Auto-Type from the toolbar icon *(A)*, entry context menu *(B)*, or by pressing `Ctrl+Shift+V`.
+You can quickly activate the default Auto-Type sequence for a particular entry using Entry-Level Auto-Type. For this operation, the KeePassXC window will be minimized and the Auto-Type sequence occurs in the previously selected window. You can perform Entry-Level Auto-Type from the toolbar icon *(A)*, entry context menu *(B)*, or by pressing kbd:[Ctrl+Shift+V].
 
 WARNING: Be careful when using Entry-Level Auto-Type as you can inadvertently type into the wrong window. For example, a chat window or email.
 

docs/topics/DatabaseOperations.adoc

@@ -75,7 +75,7 @@ NOTE: On Windows, you will be prompted to authenticate to Windows Hello after un
 .Windows Hello example
 image::quick_unlock_windows_hello.png[]
 
-When your database is locked, you will see the following unlock dialog. Simply press _Enter_ or click on _Unlock Database_ to initiate the biometric authentication process. If you are using a hardware key (e.g. Yubikey), it must be connected to your computer to complete the unlock.
+When your database is locked, you will see the following unlock dialog. Simply press kbd:[Enter] or click on _Unlock Database_ to initiate the biometric authentication process. If you are using a hardware key (e.g. Yubikey), it must be connected to your computer to complete the unlock.
 
 .Quick Unlock
 image::quick_unlock.png[]
@@ -92,7 +92,7 @@ All the details such as usernames, passwords, URLs, attachments, notes, and so o
 
 To add an entry, perform the following step:
 
-1. Navigate to Entries > New Entry (Or, press Ctrl+N). The following screen appears:
+1. Navigate to Entries > New Entry (or press kbd:[Ctrl+N]). The following screen appears:
 +
 .Adding a new entry
 image::edit_entry.png[]
@@ -115,7 +115,7 @@ To edit the details in an entry, perform the following steps:
 
 1. Select the entry you want to edit.
 
-2. Press `Enter`, click the edit toolbar icon, or right-click and select Edit Entry from the menu.
+2. Press kbd:[Enter], click the edit toolbar icon, or right-click and select Edit Entry from the menu.
 
 3. Make the desired changes.
 
@@ -156,13 +156,13 @@ TIP: Each KeePass application has different default icons. If you use a mobile a
 ==== Deleting an Entry
 To delete an entry, perform the following steps:
 
-1. Select the entry you want to delete and press the `Delete` button on your keyboard.
+1. Select the entry you want to delete and press the kbd:[Del] button on your keyboard.
 
 2. You will be prompted to move the entry to the Recycle Bin (if enabled).
 +
 NOTE: You can disable the recycle bin within the Database Settings. If the recycle bin is disabled then deleted entries will be permanently removed from the database.
 
-3. To permanently delete the entry, navigate to the Recycle Bin, select the entry you want to delete and press the `Delete` button on your keyboard.
+3. To permanently delete the entry, navigate to the Recycle Bin, select the entry you want to delete and press the kbd:[Del] button on your keyboard.
 
 // tag::advanced[]
 ==== Clone an Entry
@@ -170,7 +170,7 @@ Creating a clone of an entry provides you a ready-to-use template for creating n
 
 To create a clone of an existing entry, perform the following steps:
 
-1.	Right-click on the entry for which you want to create a clone and select _Clone Entry_. Alternatively, select the desired entry and press `Ctrl+K`.
+1.	Right-click on the entry for which you want to create a clone and select _Clone Entry_. Alternatively, select the desired entry and press kbd:[Ctrl+K].
 +
 .Clone entry from context menu
 image::clone_entry.png[]

docs/topics/KeyboardShortcuts.adoc

@@ -3,52 +3,62 @@ include::.sharedheader[]
 :imagesdir: ../images
 
 // tag::content[]
-NOTE: On macOS please substitute `Ctrl` with `Cmd` (aka `⌘`).
+NOTE: On macOS please substitute kbd:[Ctrl] with kbd:[Cmd] (AKA kbd:[⌘]).
 
 [grid=rows, frame=none, width=75%]
 |===
-|Action                       | Keyboard Shortcut
+|Action                          | Keyboard Shortcut
 
-|Settings                     | Ctrl + ,
-|Open Database                | Ctrl + O
-|Save Database                | Ctrl + S
-|Save Database As             | Ctrl + Shift + S
-|New Database                 | Ctrl + Shift + N
-|Close Database               | Ctrl + W ; Ctrl + F4
-|Lock Current Database        | Ctrl + L
-|Lock All Databases           | Ctrl + Shift + L
-|Database Settings            | Ctrl + Shift + ,
-|Database Reports             | Ctrl + Shift + R
-|Quit                         | Ctrl + Q
-|New Entry                    | Ctrl + N
-|Edit Entry                   | Enter ; Ctrl + E
-|Delete Entry                 | Delete
-|Clone Entry                  | Ctrl + D
-|Copy Username                | Ctrl + B
-|Copy Password                | Ctrl + C
-|Copy URL                     | Ctrl + U
-|Open URL                     | Ctrl + Shift + U
-|Copy TOTP                    | Ctrl + T
-|Copy Password and TOTP       | Ctrl + Y
-|Show TOTP                    | Ctrl + Shift + T
-|Trigger AutoType             | Ctrl + Shift + V
-|Add key to SSH Agent         | Ctrl + H
-|Remove key from SSH Agent    | Ctrl + Shift + H
-|Move entry up (if unsorted)   | Ctrl + Alt + Up
-|Move entry down (if unsorted) | Ctrl + Alt + Down
-|Sort Groups A-Z              | Ctrl + Down
-|Sort Groups Z-A              | Ctrl + Up
-|Minimize Window              | Ctrl + M
-|Hide Window                  | Ctrl + Shift + M
-|Select Next Database Tab     | Ctrl + Tab ; Ctrl + PageDn
-|Select Previous Database Tab | Ctrl + Shift + Tab ; Ctrl + PageUp
-|Select the nth database      | Ctrl + n, where n is the number of the database tab
-|Toggle Passwords Hidden      | Ctrl + Shift + C
-|Toggle Usernames Hidden      | Ctrl + Shift + B
-|Focus Groups (edit if focused)  | F1
-|Focus Entries (edit if focused) | F2
-|Focus Search                 | F3 ; Ctrl + F
-|Clear Search                 | Escape
-|Show Keyboard Shortcuts      | Ctrl + /
+|Settings                        | kbd:[Ctrl + ,]
+|Open Database                   | kbd:[Ctrl + O]
+|Save Database                   | kbd:[Ctrl + S]
+|Save Database As                | kbd:[Ctrl + Shift + S]
+|New Database                    | kbd:[Ctrl + Shift + N]
+|Close Database                  | kbd:[Ctrl + W] +
+_or_ +
+kbd:[Ctrl + F4]
+|Lock Current Database           | kbd:[Ctrl + L]
+|Lock All Databases              | kbd:[Ctrl + Shift + L]
+|Database Settings               | kbd:[Ctrl + Shift + ,]
+|Database Reports                | kbd:[Ctrl + Shift + R]
+|Quit                            | kbd:[Ctrl + Q]
+|New Entry                       | kbd:[Ctrl + N]
+|Edit Entry                      | kbd:[Enter] +
+_or_ +
+kbd:[Ctrl + E]
+|Delete Entry                    | kbd:[Del]
+|Clone Entry                     | kbd:[Ctrl + D]
+|Copy Username                   | kbd:[Ctrl + B]
+|Copy Password                   | kbd:[Ctrl + C]
+|Copy URL                        | kbd:[Ctrl + U]
+|Open URL                        | kbd:[Ctrl + Shift + U]
+|Copy TOTP                       | kbd:[Ctrl + T]
+|Copy Password and TOTP          | kbd:[Ctrl + Y]
+|Show TOTP                       | kbd:[Ctrl + Shift + T]
+|Trigger AutoType                | kbd:[Ctrl + Shift + V]
+|Add key to SSH Agent            | kbd:[Ctrl + H]
+|Remove key from SSH Agent       | kbd:[Ctrl + Shift + H]
+|Move entry up (if unsorted)     | kbd:[Ctrl + Alt + Up]
+|Move entry down (if unsorted)   | kbd:[Ctrl + Alt + Down]
+|Sort Groups A-Z                 | kbd:[Ctrl + Down]
+|Sort Groups Z-A                 | kbd:[Ctrl + Up]
+|Minimize Window                 | kbd:[Ctrl + M]
+|Hide Window                     | kbd:[Ctrl + Shift + M]
+|Select Next Database Tab        | kbd:[Ctrl + Tab] +
+_or_ +
+kbd:[Ctrl + PgDn]
+|Select Previous Database Tab    | kbd:[Ctrl + Shift + Tab] +
+_or_ +
+kbd:[Ctrl + PgUp]
+|Select the nth database         | kbd:[Ctrl + <n>], where kbd:[<n>] is the number of the database tab
+|Toggle Passwords Hidden         | kbd:[Ctrl + Shift + C]
+|Toggle Usernames Hidden         | kbd:[Ctrl + Shift + B]
+|Focus Groups (edit if focused)  | kbd:[F1]
+|Focus Entries (edit if focused) | kbd:[F2]
+|Focus Search                    | kbd:[F3] +
+_or_ +
+kbd:[Ctrl + F]
+|Clear Search                    | kbd:[Esc]
+|Show Keyboard Shortcuts         | kbd:[Ctrl + /]
 |===
 // end::content[]

docs/topics/PasswordGenerator.adoc

@@ -19,8 +19,8 @@ image::password_generator.png[]
 
 3. Select the length of the desired password by dragging the Length slider.
 4. Select the character-sets that you want to include in your password.
-5. Use the regenerate button (Ctrl + R) to make a new password using the chosen options.
-6. Use the clipboard button (Ctrl + C) to copy the generated password to the clipboard.
+5. Use the regenerate button (kbd:[Ctrl + R]) to make a new password using the chosen options.
+6. Use the clipboard button (kbd:[Ctrl + C]) to copy the generated password to the clipboard.
 7. Click the Advanced button to specify additional conditions for your desired password.
 +
 .Advanced Password Generator Options
@@ -39,6 +39,6 @@ Word Count slider.
 3. In the Word Separator field, enter a character, word, number, or space that you want to use as a separator between the words in your passphrase.
 4. _(Optional)_ You can choose a word case between lower, upper, and title case options.
 5. _(Optional)_ You can also load your own custom word lists. Click the plus sign button to the right of the wordlist selection dialog to choose a custom word list. You can download alternative lists from the https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases[EFF's Website] or from https://github.com/redacted/XKCD-password-generator#additional-languages[GitHub].
-6. Click the Regenerate button (Ctrl + R) to generate a new random passphrase.
-7. Click the Clipboard button (Ctrl + C) to copy the passphrase to the clipboard.
+6. Click the Regenerate button (kbd:[Ctrl + R]) to generate a new random passphrase.
+7. Click the Clipboard button (kbd:[Ctrl + C]) to copy the passphrase to the clipboard.
 // end::content[]

docs/topics/Reference.adoc

@@ -77,8 +77,8 @@ Examples: +
 |Press the corresponding keyboard key
 
 |{UP}, {DOWN}, {LEFT}, {RIGHT}  |Press the corresponding arrow key
-|{F1}, {F2}, ..., {F16}         |Press F1, F2, etc.
-|{LEFTBRACE}, {RIGHTBRACE}      |Press `{` or `}`, respectively
+|{F1}, {F2}, ..., {F16}         |Press kbd:[F1], kbd:[F2], etc.
+|{LEFTBRACE}, {RIGHTBRACE}      |Press kbd:[{] or kbd:[}], respectively
 |{<KEY> X}  |Repeat <KEY> X times (e.g., {SPACE 5} inserts five spaces)
 |{DELAY=X}     |Set delay between key presses to X milliseconds
 |{DELAY X}     |Pause typing for X milliseconds
@@ -90,10 +90,10 @@ Examples: +
 |===
 |Modifier |Description
 
-|+        |SHIFT
-|^        |CTRL
-|%        |ALT
-|#        |WIN/CMD
+|+        |kbd:[Shift]
+|^        |kbd:[Ctrl]
+|%        |kbd:[Alt]
+|#        |kbd:[Win]/kbd:[Cmd]
 |===
 *Text Conversions:*
 

share/translations/keepassxc_en.ts

@@ -7635,6 +7635,10 @@ Do you want to overwrite it?</source>
         <source>Entry %1 not found.</source>
         <translation type="unfinished"></translation>
     </message>
+    <message>
+        <source>ERROR: Please specify one of --attribute or --totp, not both.</source>
+        <translation type="unfinished"></translation>
+    </message>
     <message>
         <source>Entry with path %1 has no TOTP set up.</source>
         <translation type="unfinished"></translation>
@@ -8348,10 +8352,18 @@ Available commands:
         <source>Search term.</source>
         <translation type="unfinished"></translation>
     </message>
+    <message>
+        <source>Show the entry&apos;s current TOTP.</source>
+        <translation type="unfinished"></translation>
+    </message>
     <message>
         <source>Show the protected attributes in clear text.</source>
         <translation type="unfinished"></translation>
     </message>
+    <message>
+        <source>Show all the attributes of the entry.</source>
+        <translation type="unfinished"></translation>
+    </message>
     <message>
         <source>Show the attachments of the entry.</source>
         <translation type="unfinished"></translation>
@@ -9236,34 +9248,6 @@ This option is deprecated, use --set-key-file instead.</source>
         <source>Tags</source>
         <translation type="unfinished"></translation>
     </message>
-    <message>
-        <source>Copy the entry&apos;s UUID to the clipboard.</source>
-        <translation type="unfinished"></translation>
-    </message>
-    <message>
-        <source>Copy the entry&apos;s tag list to the clipboard.</source>
-        <translation type="unfinished"></translation>
-    </message>
-    <message>
-        <source>ERROR: Cannot specify multiple options at once (--attribute, --totp, --uuid, --tags).</source>
-        <translation type="unfinished"></translation>
-    </message>
-    <message>
-        <source>Only show the entry&apos;s current TOTP.</source>
-        <translation type="unfinished"></translation>
-    </message>
-    <message>
-        <source>Show the entry&apos;s UUID.</source>
-        <translation type="unfinished"></translation>
-    </message>
-    <message>
-        <source>Show the entry&apos;s tags.</source>
-        <translation type="unfinished"></translation>
-    </message>
-    <message>
-        <source>Show all the attributes of the entry, including UUID and Tags.</source>
-        <translation type="unfinished"></translation>
-    </message>
 </context>
 <context>
     <name>QtIOCompressor</name>
@@ -10174,6 +10158,10 @@ This option is deprecated, use --set-key-file instead.</source>
         <source>Weak Passwords</source>
         <translation type="unfinished"></translation>
     </message>
+    <message>
+        <source>TOTP Entries</source>
+        <translation type="unfinished"></translation>
+    </message>
 </context>
 <context>
     <name>TagView</name>

src/browser/BrowserPasskeys.cpp

@@ -1,5 +1,5 @@
 /*
- *  Copyright (C) 2024 KeePassXC Team <team@keepassxc.org>
+ *  Copyright (C) 2025 KeePassXC Team <team@keepassxc.org>
  *
  *  This program is free software: you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -71,7 +71,7 @@ PublicKeyCredential BrowserPasskeys::buildRegisterPublicKeyCredential(const QJso
     }
 
     const auto authenticatorAttachment = credentialCreationOptions["authenticatorAttachment"];
-    const auto clientDataJson = credentialCreationOptions["clientDataJSON"].toObject();
+    const auto clientDataJson = credentialCreationOptions["clientDataJSON"].toString();
     const auto extensions = credentialCreationOptions["extensions"].toString();
     const auto credentialId = testingVariables.credentialId.isEmpty()
                                   ? browserMessageBuilder()->getRandomBytesAsBase64(ID_BYTES)
@@ -98,7 +98,7 @@ PublicKeyCredential BrowserPasskeys::buildRegisterPublicKeyCredential(const QJso
     // Response
     QJsonObject responseObject;
     responseObject["attestationObject"] = browserMessageBuilder()->getBase64FromArray(attestationObject);
-    responseObject["clientDataJSON"] = browserMessageBuilder()->getBase64FromJson(clientDataJson);
+    responseObject["clientDataJSON"] = browserMessageBuilder()->getBase64FromArray(clientDataJson.toUtf8());
     responseObject["clientExtensionResults"] = credentialCreationOptions["clientExtensionResults"];
 
     // Additions for extension side functions
@@ -130,8 +130,8 @@ QJsonObject BrowserPasskeys::buildGetPublicKeyCredential(const QJsonObject& asse
 
     const auto authenticatorData =
         buildAuthenticatorData(assertionOptions["rpId"].toString(), assertionOptions["extensions"].toString());
-    const auto clientDataJson = assertionOptions["clientDataJson"].toObject();
-    const auto clientDataArray = QJsonDocument(clientDataJson).toJson(QJsonDocument::Compact);
+    const auto clientDataJson = assertionOptions["clientDataJson"].toString();
+    const auto clientDataArray = clientDataJson.toUtf8();
 
     const auto signature = buildSignature(authenticatorData, clientDataArray, privateKeyPem);
     if (signature.isEmpty()) {
@@ -140,7 +140,7 @@ QJsonObject BrowserPasskeys::buildGetPublicKeyCredential(const QJsonObject& asse
 
     QJsonObject responseObject;
     responseObject["authenticatorData"] = browserMessageBuilder()->getBase64FromArray(authenticatorData);
-    responseObject["clientDataJSON"] = browserMessageBuilder()->getBase64FromJson(clientDataJson);
+    responseObject["clientDataJSON"] = browserMessageBuilder()->getBase64FromArray(clientDataArray);
     responseObject["clientExtensionResults"] = assertionOptions["clientExtensionResults"];
     responseObject["signature"] = browserMessageBuilder()->getBase64FromArray(signature);
     responseObject["userHandle"] = userHandle;

src/browser/BrowserService.cpp

@@ -330,6 +330,7 @@ QJsonObject BrowserService::createNewGroup(const QString& groupName, bool isPass
             }
 #endif
             name = newGroup->name();
+            newGroup->setCustomDataTriState(BrowserService::OPTION_HIDE_ENTRY, Group::Disable);
             uuid = Tools::uuidToHex(newGroup->uuid());
             previousGroup = newGroup;
             continue;

src/browser/PasskeyUtils.cpp

@@ -1,5 +1,5 @@
 /*
- *  Copyright (C) 2024 KeePassXC Team <team@keepassxc.org>
+ *  Copyright (C) 2025 KeePassXC Team <team@keepassxc.org>
  *
  *  This program is free software: you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -53,8 +53,8 @@ bool PasskeyUtils::checkCredentialCreationOptions(const QJsonObject& credentialC
 {
     if (!credentialCreationOptions["attestation"].isString()
         || credentialCreationOptions["attestation"].toString().isEmpty()
-        || !credentialCreationOptions["clientDataJSON"].isObject()
-        || credentialCreationOptions["clientDataJSON"].toObject().isEmpty()
+        || !credentialCreationOptions["clientDataJSON"].isString()
+        || credentialCreationOptions["clientDataJSON"].toString().isEmpty()
         || !credentialCreationOptions["rp"].isObject() || credentialCreationOptions["rp"].toObject().isEmpty()
         || !credentialCreationOptions["user"].isObject() || credentialCreationOptions["user"].toObject().isEmpty()
         || !credentialCreationOptions["residentKey"].isBool() || credentialCreationOptions["residentKey"].isUndefined()
@@ -75,7 +75,7 @@ bool PasskeyUtils::checkCredentialCreationOptions(const QJsonObject& credentialC
 // Basic check for the object that it contains necessary variables in a correct form
 bool PasskeyUtils::checkCredentialAssertionOptions(const QJsonObject& assertionOptions) const
 {
-    if (!assertionOptions["clientDataJson"].isObject() || assertionOptions["clientDataJson"].toObject().isEmpty()
+    if (!assertionOptions["clientDataJson"].isString() || assertionOptions["clientDataJson"].toString().isEmpty()
         || !assertionOptions["rpId"].isString() || assertionOptions["rpId"].toString().isEmpty()
         || !assertionOptions["userPresence"].isBool() || assertionOptions["userPresence"].isUndefined()
         || !assertionOptions["userVerification"].isBool() || assertionOptions["userVerification"].isUndefined()) {
@@ -352,15 +352,11 @@ ExtensionResult PasskeyUtils::buildExtensionData(QJsonObject& extensionObject) c
     return {};
 }
 
-QJsonObject PasskeyUtils::buildClientDataJson(const QJsonObject& publicKey, const QString& origin, bool get) const
+// Serialization order: https://w3c.github.io/webauthn/#clientdatajson-serialization
+QString PasskeyUtils::buildClientDataJson(const QJsonObject& publicKey, const QString& origin, bool get) const
 {
-    QJsonObject clientData;
-    clientData["challenge"] = publicKey["challenge"];
-    clientData["crossOrigin"] = false;
-    clientData["origin"] = origin;
-    clientData["type"] = get ? QString("webauthn.get") : QString("webauthn.create");
-
-    return clientData;
+    return QString("{\"type\":\"%1\",\"challenge\":\"%2\",\"origin\":\"%3\",\"crossOrigin\":false}")
+        .arg((get ? QString("webauthn.get") : QString("webauthn.create")), publicKey["challenge"].toString(), origin);
 }
 
 QStringList PasskeyUtils::getAllowedCredentialsFromAssertionOptions(const QJsonObject& assertionOptions) const

src/browser/PasskeyUtils.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright (C) 2024 KeePassXC Team <team@keepassxc.org>
+ *  Copyright (C) 2025 KeePassXC Team <team@keepassxc.org>
  *
  *  This program is free software: you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -58,7 +58,7 @@ public:
     bool isUserVerificationRequired(const QJsonObject& authenticatorSelection) const;
     bool isOriginAllowedWithLocalhost(bool allowLocalhostWithPasskeys, const QString& origin) const;
     ExtensionResult buildExtensionData(QJsonObject& extensionObject) const;
-    QJsonObject buildClientDataJson(const QJsonObject& publicKey, const QString& origin, bool get) const;
+    QString buildClientDataJson(const QJsonObject& publicKey, const QString& origin, bool get) const;
     QStringList getAllowedCredentialsFromAssertionOptions(const QJsonObject& assertionOptions) const;
     QString getCredentialIdFromEntry(const Entry* entry) const;
     QString getUsernameFromEntry(const Entry* entry) const;

src/cli/Clip.cpp

@@ -37,12 +37,6 @@ const QCommandLineOption Clip::TotpOption =
     QCommandLineOption(QStringList() << "t" << "totp",
                        QObject::tr("Copy the current TOTP to the clipboard (equivalent to \"-a totp\")."));
 
-const QCommandLineOption Clip::UuidOption =
-    QCommandLineOption(QStringList() << "uuid", QObject::tr("Copy the entry's UUID to the clipboard."));
-
-const QCommandLineOption Clip::TagsOption =
-    QCommandLineOption(QStringList() << "tags", QObject::tr("Copy the entry's tag list to the clipboard."));
-
 const QCommandLineOption Clip::BestMatchOption =
     QCommandLineOption(QStringList() << "b" << "best-match",
                        QObject::tr("Must match only one entry, otherwise a list of possible matches is shown."));
@@ -53,8 +47,6 @@ Clip::Clip()
     description = QObject::tr("Copy an entry's attribute to the clipboard.");
     options.append(Clip::AttributeOption);
     options.append(Clip::TotpOption);
-    options.append(Clip::UuidOption);
-    options.append(Clip::TagsOption);
     options.append(Clip::BestMatchOption);
     positionalArguments.append(
         {QString("entry"), QObject::tr("Path of the entry to clip.", "clip = copy to clipboard"), QString("")});
@@ -107,13 +99,8 @@ int Clip::executeWithDatabase(QSharedPointer<Database> database, QSharedPointer<
         return EXIT_FAILURE;
     }
 
-    auto optionCount = parser->isSet(AttributeOption) ? 1 : 0;
-    optionCount += parser->isSet(TotpOption) ? 1 : 0;
-    optionCount += parser->isSet(UuidOption) ? 1 : 0;
-    optionCount += parser->isSet(TagsOption) ? 1 : 0;
-    if (optionCount > 1) {
-        err << QObject::tr("ERROR: Cannot specify multiple options at once (--attribute, --totp, --uuid, --tags).")
-            << Qt::endl;
+    if (parser->isSet(AttributeOption) && parser->isSet(TotpOption)) {
+        err << QObject::tr("ERROR: Please specify one of --attribute or --totp, not both.") << Qt::endl;
         return EXIT_FAILURE;
     }
 
@@ -126,16 +113,11 @@ int Clip::executeWithDatabase(QSharedPointer<Database> database, QSharedPointer<
             return EXIT_FAILURE;
         }
 
+        selectedAttribute = "totp";
+        found = true;
         value = entry->totp();
-        selectedAttribute = "TOTP";
-        found = true;
-    } else if (parser->isSet(UuidOption)) {
-        value = entry->uuid().toString();
-        selectedAttribute = "UUID";
-        found = true;
-    } else if (parser->isSet(TagsOption)) {
-        value = entry->tags();
-        selectedAttribute = "Tags";
+    } else if (Utils::EntryFieldNames.contains(selectedAttribute)) {
+        value = Utils::getTopLevelField(entry, selectedAttribute);
         found = true;
     } else {
         QStringList attrs = Utils::findAttributes(*entry->attributes(), selectedAttribute);

src/cli/Clip.h

@@ -29,8 +29,6 @@ public:
 
     static const QCommandLineOption AttributeOption;
     static const QCommandLineOption TotpOption;
-    static const QCommandLineOption UuidOption;
-    static const QCommandLineOption TagsOption;
     static const QCommandLineOption BestMatchOption;
 };
 

src/cli/Show.cpp

@@ -24,21 +24,14 @@
 #include <QCommandLineParser>
 
 const QCommandLineOption Show::TotpOption =
-    QCommandLineOption(QStringList() << "t" << "totp", QObject::tr("Only show the entry's current TOTP."));
-
-const QCommandLineOption Show::UuidOption =
-    QCommandLineOption(QStringList() << "uuid", QObject::tr("Show the entry's UUID."));
-
-const QCommandLineOption Show::TagsOption =
-    QCommandLineOption(QStringList() << "tags", QObject::tr("Show the entry's tags."));
+    QCommandLineOption(QStringList() << "t" << "totp", QObject::tr("Show the entry's current TOTP."));
 
 const QCommandLineOption Show::ProtectedAttributesOption =
     QCommandLineOption(QStringList() << "s" << "show-protected",
                        QObject::tr("Show the protected attributes in clear text."));
 
 const QCommandLineOption Show::AllAttributesOption =
-    QCommandLineOption(QStringList() << "all",
-                       QObject::tr("Show all the attributes of the entry, including UUID and Tags."));
+    QCommandLineOption(QStringList() << "all", QObject::tr("Show all the attributes of the entry."));
 
 const QCommandLineOption Show::AttachmentsOption =
     QCommandLineOption(QStringList() << "show-attachments", QObject::tr("Show the attachments of the entry."));
@@ -56,8 +49,6 @@ Show::Show()
     name = QString("show");
     description = QObject::tr("Show an entry's information.");
     options.append(Show::TotpOption);
-    options.append(Show::UuidOption);
-    options.append(Show::TagsOption);
     options.append(Show::AttributesOption);
     options.append(Show::ProtectedAttributesOption);
     options.append(Show::AllAttributesOption);
@@ -72,10 +63,9 @@ int Show::executeWithDatabase(QSharedPointer<Database> database, QSharedPointer<
 
     const QStringList args = parser->positionalArguments();
     const QString& entryPath = args.at(1);
+    bool showTotp = parser->isSet(Show::TotpOption);
     bool showProtectedAttributes = parser->isSet(Show::ProtectedAttributesOption);
     bool showAllAttributes = parser->isSet(Show::AllAttributesOption);
-    bool showUuid = parser->isSet(Show::UuidOption);
-    bool showTags = parser->isSet(Show::TagsOption);
     QStringList attributes = parser->values(Show::AttributesOption);
 
     Entry* entry = database->rootGroup()->findEntryByPath(entryPath);
@@ -84,23 +74,18 @@ int Show::executeWithDatabase(QSharedPointer<Database> database, QSharedPointer<
         return EXIT_FAILURE;
     }
 
-    // Early exit if the user only wants to show the TOTP
-    if (parser->isSet(Show::TotpOption)) {
-        if (!entry->hasTotp()) {
-            err << QObject::tr("Entry with path %1 has no TOTP set up.").arg(entryPath) << Qt::endl;
-            return EXIT_FAILURE;
-        }
-
-        out << entry->totp() << Qt::endl;
-        return EXIT_SUCCESS;
+    if (showTotp && !entry->hasTotp()) {
+        err << QObject::tr("Entry with path %1 has no TOTP set up.").arg(entryPath) << Qt::endl;
+        return EXIT_FAILURE;
     }
 
-    bool attributesWereSpecified = !showUuid && !showTags;
+    bool attributesWereSpecified = true;
     if (showAllAttributes) {
         attributesWereSpecified = false;
-        showUuid = true;
-        showTags = true;
         attributes = EntryAttributes::DefaultAttributes;
+        for (QString fieldName : Utils::EntryFieldNames) {
+            attributes.append(fieldName);
+        }
         // Adding the custom attributes after the default attributes so that
         // the default attributes are always shown first.
         for (QString attributeName : entry->attributes()->keys()) {
@@ -109,16 +94,26 @@ int Show::executeWithDatabase(QSharedPointer<Database> database, QSharedPointer<
             }
             attributes.append(attributeName);
         }
-    } else if (attributes.isEmpty() && !showUuid && !showTags) {
+    } else if (attributes.isEmpty() && !showTotp) {
         // If no attributes are specified, output the default attribute set.
         attributesWereSpecified = false;
         attributes = EntryAttributes::DefaultAttributes;
-        showTags = true;
+        for (QString fieldName : Utils::EntryFieldNames) {
+            attributes.append(fieldName);
+        }
     }
 
     // Iterate over the attributes and output them line-by-line.
     bool encounteredError = false;
     for (const QString& attributeName : asConst(attributes)) {
+        if (Utils::EntryFieldNames.contains(attributeName)) {
+            if (!attributesWereSpecified) {
+                out << attributeName << ": ";
+            }
+            out << Utils::getTopLevelField(entry, attributeName) << Qt::endl;
+            continue;
+        }
+
         QStringList attrs = Utils::findAttributes(*entry->attributes(), attributeName);
         if (attrs.isEmpty()) {
             encounteredError = true;
@@ -142,14 +137,6 @@ int Show::executeWithDatabase(QSharedPointer<Database> database, QSharedPointer<
         }
     }
 
-    // Output UUID and Tags if a certain field wasn't specified
-    if (showTags) {
-        out << "Tags: " << entry->tags() << Qt::endl;
-    }
-    if (showUuid) {
-        out << "UUID: " << entry->uuid().toString() << Qt::endl;
-    }
-
     if (parser->isSet(Show::AttachmentsOption)) {
         // Separate attachment output from attributes output via a newline.
         out << Qt::endl;
@@ -169,5 +156,9 @@ int Show::executeWithDatabase(QSharedPointer<Database> database, QSharedPointer<
         }
     }
 
+    if (showTotp) {
+        out << entry->totp() << Qt::endl;
+    }
+
     return encounteredError ? EXIT_FAILURE : EXIT_SUCCESS;
 }

src/cli/Show.h

@@ -28,8 +28,6 @@ public:
     int executeWithDatabase(QSharedPointer<Database> db, QSharedPointer<QCommandLineParser> parser) override;
 
     static const QCommandLineOption TotpOption;
-    static const QCommandLineOption UuidOption;
-    static const QCommandLineOption TagsOption;
     static const QCommandLineOption AllAttributesOption;
     static const QCommandLineOption AttributesOption;
     static const QCommandLineOption ProtectedAttributesOption;

src/cli/Utils.cpp

@@ -395,6 +395,17 @@ namespace Utils
         return result;
     }
 
+    QString getTopLevelField(const Entry* entry, const QString& fieldName)
+    {
+        if (fieldName == UuidFieldName) {
+            return entry->uuid().toString();
+        }
+        if (fieldName == TagsFieldName) {
+            return entry->tags();
+        }
+        return "";
+    }
+
     QStringList findAttributes(const EntryAttributes& attributes, const QString& name)
     {
         QStringList result;

src/cli/Utils.h

@@ -34,6 +34,10 @@ namespace Utils
     extern QTextStream STDIN;
     extern QTextStream DEVNULL;
 
+    static const QString UuidFieldName = "Uuid";
+    static const QString TagsFieldName = "Tags";
+    static const QStringList EntryFieldNames(QStringList() << UuidFieldName << TagsFieldName);
+
     void setDefaultTextStreams();
     void resetTextStreams();
 
@@ -57,6 +61,10 @@ namespace Utils
      * (case-insensitive).
      */
     QStringList findAttributes(const EntryAttributes& attributes, const QString& name);
+    /**
+     * Get the value of a top-level Entry field using its name.
+     */
+    QString getTopLevelField(const Entry* entry, const QString& fieldName);
 }; // namespace Utils
 
 #endif // KEEPASSXC_UTILS_H

src/core/Entry.cpp

@@ -1369,6 +1369,9 @@ void Entry::setGroup(Group* group, bool trackPrevious)
             setPreviousParentGroup(nullptr);
             m_group->database()->addDeletedObject(m_uuid);
 
+            // Resolve references before moving to a different database
+            resolveReferencesBeforeDatabaseMove();
+
             // copy custom icon to the new database
             if (!iconUuid().isNull() && group->database() && m_group->database()->metadata()->hasCustomIcon(iconUuid())
                 && !group->database()->metadata()->hasCustomIcon(iconUuid())) {
@@ -1411,6 +1414,44 @@ Database* Entry::database()
     return nullptr;
 }
 
+void Entry::resolveReferencesBeforeDatabaseMove()
+{
+    if (!m_group || !m_group->database()) {
+        return;
+    }
+
+    // Resolve references in all default attributes
+    for (const QString& key : EntryAttributes::DefaultAttributes) {
+        if (m_attributes->contains(key) && m_attributes->isReference(key)) {
+            QString originalValue = m_attributes->value(key);
+            QString resolvedValue = resolveMultiplePlaceholdersRecursive(originalValue, 10);
+
+            // Only replace if the resolution produced a different value and it's not empty
+            // Empty resolution means the reference couldn't be resolved, so keep original
+            if (!resolvedValue.isEmpty() && resolvedValue != originalValue) {
+                bool isProtected = m_attributes->isProtected(key);
+                m_attributes->set(key, resolvedValue, isProtected);
+            }
+        }
+    }
+
+    // Resolve references in custom attributes
+    const QList<QString> customKeys = m_attributes->customKeys();
+    for (const QString& key : customKeys) {
+        if (m_attributes->isReference(key)) {
+            QString originalValue = m_attributes->value(key);
+            QString resolvedValue = resolveMultiplePlaceholdersRecursive(originalValue, 10);
+
+            // Only replace if the resolution produced a different value and it's not empty
+            // Empty resolution means the reference couldn't be resolved, so keep original
+            if (!resolvedValue.isEmpty() && resolvedValue != originalValue) {
+                bool isProtected = m_attributes->isProtected(key);
+                m_attributes->set(key, resolvedValue, isProtected);
+            }
+        }
+    }
+}
+
 QString Entry::maskPasswordPlaceholders(const QString& str) const
 {
     return QString{str}.replace(QStringLiteral("{PASSWORD}"), QStringLiteral("******"), Qt::CaseInsensitive);

src/core/Entry.h

@@ -273,6 +273,8 @@ public:
     bool canUpdateTimeinfo() const;
     void setUpdateTimeinfo(bool value);
 
+    void resolveReferencesBeforeDatabaseMove();
+
 signals:
     /**
      * Emitted when a default attribute has been changed.

src/core/EntrySearcher.cpp

@@ -221,6 +221,13 @@ bool EntrySearcher::searchEntryImpl(const Entry* entry)
             }
             found = false;
             break;
+        case Field::Has:
+            if (term.word.compare("totp", Qt::CaseInsensitive) == 0) {
+                found = entry->hasTotp();
+                break;
+            }
+            found = false;
+            break;
         case Field::Uuid:
             found = term.regex.match(entry->uuidToHex()).hasMatch();
             break;
@@ -260,6 +267,7 @@ void EntrySearcher::parseSearchTerms(const QString& searchString)
         {QStringLiteral("group"), Field::Group},
         {QStringLiteral("tag"), Field::Tag},
         {QStringLiteral("is"), Field::Is},
+        {QStringLiteral("has"), Field::Has},
         {QStringLiteral("uuid"), Field::Uuid}};
 
     // Group 1 = modifiers, Group 2 = field, Group 3 = quoted string, Group 4 = unquoted string

src/core/EntrySearcher.h

@@ -41,6 +41,7 @@ public:
         Group,
         Tag,
         Is,
+        Has,
         Uuid
     };
 

src/gui/PasswordWidget.cpp

@@ -231,7 +231,7 @@ bool PasswordWidget::eventFilter(QObject* watched, QEvent* event)
         if (isVisible() && (type == QEvent::KeyPress || type == QEvent::KeyRelease || type == QEvent::FocusIn)) {
             checkCapslockState();
         }
-        if (type == QEvent::FocusIn || type == QEvent::FocusOut) {
+        if (type == QEvent::FocusIn || type == QEvent::FocusOut || type == QEvent::Hide) {
             osUtils->setUserInputProtection(type == QEvent::FocusIn);
         }
     }

src/gui/UrlTools.cpp

@@ -171,8 +171,8 @@ bool UrlTools::isUrlValid(const QString& urlField, bool looseComparison) const
             url.remove(0, 1);
             url.remove(url.length() - 1, 1);
         } else {
-            // Do not allow URL with just wildcards, or double wildcards, or no separator (.)
-            if (url.length() == url.count("*") || url.contains("**") || url.contains("*.*") || !url.contains(".")) {
+            // Do not allow URL with just wildcards, or double wildcards
+            if (url.length() == url.count("*") || url.contains("**") || url.contains("*.*")) {
                 return false;
             }
 

src/gui/osutils/macutils/MacUtils.cpp

@@ -152,11 +152,22 @@ bool MacUtils::isCapslockEnabled()
 
 void MacUtils::setUserInputProtection(bool enable)
 {
+    static bool secureInputEnabled = false;
     if (enable) {
+        /*
+         * MacOS keeps a single counter over all apps that needs to be zero to disable secure input. By never going
+         * higher than 1 internally this makes sure secure input doesn't stay active after calling this function
+         * multiple times.
+         */
+        if (secureInputEnabled) {
+            DisableSecureEventInput();
+        }
         EnableSecureEventInput();
     } else {
         DisableSecureEventInput();
     }
+    // Store our last known state
+    secureInputEnabled = enable;
 }
 
 /**

src/gui/tag/TagModel.cpp

@@ -30,7 +30,8 @@ TagModel::TagModel(QObject* parent)
 {
     m_defaultSearches << qMakePair(tr("Clear Search"), QString("")) << qMakePair(tr("All Entries"), QString("*"))
                       << qMakePair(tr("Expired"), QString("is:expired"))
-                      << qMakePair(tr("Weak Passwords"), QString("is:weak"));
+                      << qMakePair(tr("Weak Passwords"), QString("is:weak"))
+                      << qMakePair(tr("TOTP Entries"), QString("has:totp"));
 }
 
 TagModel::~TagModel() = default;

tests/TestCli.cpp

@@ -673,14 +673,14 @@ void TestCli::testClip()
 
     // Uuid (top-level field)
     setInput("a");
-    execCmd(clipCmd, {"clip", m_dbFile->fileName(), "/Sample Entry", "0", "--uuid"});
+    execCmd(clipCmd, {"clip", m_dbFile->fileName(), "/Sample Entry", "0", "-a", "Uuid"});
     QTRY_COMPARE(clipboard->text(), QString("{9f4544c2-ab00-c74a-8a1a-6eaf26cf57e9}"));
 
     // TOTP
     setInput("a");
     execCmd(clipCmd, {"clip", m_dbFile->fileName(), "/Sample Entry", "0", "--totp"});
     QTRY_VERIFY(isTotp(clipboard->text()));
-    QCOMPARE(m_stdout->readLine(), QByteArray("Entry's \"TOTP\" attribute copied to the clipboard!\n"));
+    QCOMPARE(m_stdout->readLine(), QByteArray("Entry's \"totp\" attribute copied to the clipboard!\n"));
 
     // Test Unicode
     setInput("a");
@@ -725,7 +725,7 @@ void TestCli::testClip()
 
     setInput("a");
     execCmd(clipCmd, {"clip", m_dbFile2->fileName(), "--attribute", "Username", "--totp", "/Sample Entry", "0"});
-    QVERIFY(m_stderr->readAll().contains("ERROR: Cannot specify multiple options at once"));
+    QVERIFY(m_stderr->readAll().contains("ERROR: Please specify one of --attribute or --totp, not both.\n"));
 
     // Best option
     setInput("a");
@@ -2077,55 +2077,72 @@ void TestCli::testShow()
     QVERIFY(!showCmd.name.isEmpty());
     QVERIFY(showCmd.getDescriptionLine().contains(showCmd.name));
 
-    const QByteArray expectTitle("Title: Sample Entry");
-    const QByteArray expectUserName("UserName: User Name");
-    const QByteArray expectUrl("URL: http://www.somesite.com/");
-    const QByteArray expectUuid("UUID: {9f4544c2-ab00-c74a-8a1a-6eaf26cf57e9}");
-    const QByteArray expectNotes("Notes: Notes");
-    const QByteArray expectTags("Tags: ");
-
     setInput("a");
     execCmd(showCmd, {"show", m_dbFile->fileName(), "/Sample Entry"});
     m_stderr->readLine(); // Skip password prompt
     QCOMPARE(m_stderr->readAll(), QByteArray());
-    auto out = m_stdout->readAll();
-    QVERIFY(out.contains(expectTitle));
-    QVERIFY(out.contains(expectUserName));
-    QVERIFY(out.contains(expectUrl));
-    QVERIFY(out.contains(expectNotes));
-    QVERIFY(out.contains(expectTags));
-    QVERIFY(!out.contains(expectUuid));
-    QVERIFY(out.contains("Password: PROTECTED"));
+    QCOMPARE(m_stdout->readAll(),
+             QByteArray("Title: Sample Entry\n"
+                        "UserName: User Name\n"
+                        "Password: PROTECTED\n"
+                        "URL: http://www.somesite.com/\n"
+                        "Notes: Notes\n"
+                        "Uuid: {9f4544c2-ab00-c74a-8a1a-6eaf26cf57e9}\n"
+                        "Tags: \n"));
 
     setInput("a");
     execCmd(showCmd, {"show", "-s", m_dbFile->fileName(), "/Sample Entry"});
-    out = m_stdout->readAll();
-    QVERIFY(out.contains("Password: Password"));
+    QCOMPARE(m_stdout->readAll(),
+             QByteArray("Title: Sample Entry\n"
+                        "UserName: User Name\n"
+                        "Password: Password\n"
+                        "URL: http://www.somesite.com/\n"
+                        "Notes: Notes\n"
+                        "Uuid: {9f4544c2-ab00-c74a-8a1a-6eaf26cf57e9}\n"
+                        "Tags: \n"));
 
     setInput("a");
     execCmd(showCmd, {"show", m_dbFile->fileName(), "-q", "/Sample Entry"});
     QCOMPARE(m_stderr->readAll(), QByteArray());
-    out = m_stdout->readAll();
-    QVERIFY(out.contains(expectTitle));
-    QVERIFY(out.contains(expectUserName));
-    QVERIFY(out.contains(expectUrl));
-    QVERIFY(out.contains(expectNotes));
-    QVERIFY(out.contains(expectTags));
-    QVERIFY(!out.contains(expectUuid));
+    QCOMPARE(m_stdout->readAll(),
+             QByteArray("Title: Sample Entry\n"
+                        "UserName: User Name\n"
+                        "Password: PROTECTED\n"
+                        "URL: http://www.somesite.com/\n"
+                        "Notes: Notes\n"
+                        "Uuid: {9f4544c2-ab00-c74a-8a1a-6eaf26cf57e9}\n"
+                        "Tags: \n"));
 
     setInput("a");
     execCmd(showCmd, {"show", m_dbFile->fileName(), "--show-attachments", "/Sample Entry"});
     m_stderr->readLine(); // Skip password prompt
     QCOMPARE(m_stderr->readAll(), QByteArray());
-    out = m_stdout->readAll();
-    QVERIFY(out.contains("Attachments:\n  Sample attachment.txt (15 B)"));
+    QCOMPARE(m_stdout->readAll(),
+             QByteArray("Title: Sample Entry\n"
+                        "UserName: User Name\n"
+                        "Password: PROTECTED\n"
+                        "URL: http://www.somesite.com/\n"
+                        "Notes: Notes\n"
+                        "Uuid: {9f4544c2-ab00-c74a-8a1a-6eaf26cf57e9}\n"
+                        "Tags: \n"
+                        "\n"
+                        "Attachments:\n"
+                        "  Sample attachment.txt (15 B)\n"));
 
     setInput("a");
     execCmd(showCmd, {"show", m_dbFile->fileName(), "--show-attachments", "/Homebanking/Subgroup/Subgroup Entry"});
     m_stderr->readLine(); // Skip password prompt
     QCOMPARE(m_stderr->readAll(), QByteArray());
-    out = m_stdout->readAll();
-    QVERIFY(out.contains("No attachments present."));
+    QCOMPARE(m_stdout->readAll(),
+             QByteArray("Title: Subgroup Entry\n"
+                        "UserName: Bank User Name\n"
+                        "Password: PROTECTED\n"
+                        "URL: https://www.bank.com\n"
+                        "Notes: Important note\n"
+                        "Uuid: {20b183fd-6878-4506-a50b-06d30792aa10}\n"
+                        "Tags: \n"
+                        "\n"
+                        "No attachments present.\n"));
 
     setInput("a");
     execCmd(showCmd, {"show", "-a", "Title", m_dbFile->fileName(), "/Sample Entry"});
@@ -2136,8 +2153,8 @@ void TestCli::testShow()
     QCOMPARE(m_stdout->readAll(), QByteArray("Password\n"));
 
     setInput("a");
-    execCmd(showCmd, {"show", "--uuid", m_dbFile->fileName(), "/Sample Entry"});
-    QVERIFY(m_stdout->readAll().contains(expectUuid));
+    execCmd(showCmd, {"show", "-a", "Uuid", m_dbFile->fileName(), "/Sample Entry"});
+    QCOMPARE(m_stdout->readAll(), QByteArray("{9f4544c2-ab00-c74a-8a1a-6eaf26cf57e9}\n"));
 
     setInput("a");
     execCmd(showCmd, {"show", "-a", "Title", "-a", "URL", m_dbFile->fileName(), "/Sample Entry"});
@@ -2161,9 +2178,9 @@ void TestCli::testShow()
     execCmd(showCmd, {"show", "-t", m_dbFile->fileName(), "/Sample Entry"});
     QVERIFY(isTotp(m_stdout->readAll()));
 
-    // TOTP paramter short circuits any other parameter
     setInput("a");
     execCmd(showCmd, {"show", "-a", "Title", m_dbFile->fileName(), "--totp", "/Sample Entry"});
+    QCOMPARE(m_stdout->readLine(), QByteArray("Sample Entry\n"));
     QVERIFY(isTotp(m_stdout->readAll()));
 
     setInput("a");
@@ -2179,15 +2196,18 @@ void TestCli::testShow()
 
     setInput("a");
     execCmd(showCmd, {"show", "--all", m_dbFile->fileName(), "/Sample Entry"});
-    out = m_stdout->readAll();
-    QVERIFY(out.contains(expectTitle));
-    QVERIFY(out.contains(expectUserName));
-    QVERIFY(out.contains(expectUuid));
-    QVERIFY(out.contains(expectTags));
-    QVERIFY(out.contains("TOTP Seed: PROTECTED"));
-    QVERIFY(out.contains("TOTP Settings: 30;6"));
-    QVERIFY(out.contains("TestAttribute1: b"));
-    QVERIFY(out.contains("testattribute1: a"));
+    QCOMPARE(m_stdout->readAll(),
+             QByteArray("Title: Sample Entry\n"
+                        "UserName: User Name\n"
+                        "Password: PROTECTED\n"
+                        "URL: http://www.somesite.com/\n"
+                        "Notes: Notes\n"
+                        "Uuid: {9f4544c2-ab00-c74a-8a1a-6eaf26cf57e9}\n"
+                        "Tags: \n"
+                        "TOTP Seed: PROTECTED\n"
+                        "TOTP Settings: 30;6\n"
+                        "TestAttribute1: b\n"
+                        "testattribute1: a\n"));
 }
 
 void TestCli::testInvalidDbFiles()

tests/TestEntry.cpp

@@ -20,6 +20,9 @@
 
 #include "TestEntry.h"
 #include "core/Clock.h"
+#include "core/Database.h"
+#include "core/Entry.h"
+#include "core/EntryAttributes.h"
 #include "core/Group.h"
 #include "core/Metadata.h"
 #include "core/TimeInfo.h"
@@ -672,6 +675,85 @@ void TestEntry::testResolveClonedEntry()
     QCOMPARE(cclone4->resolveMultiplePlaceholders(cclone4->password()), original->password());
 }
 
+void TestEntry::testCrossDatabaseReferences()
+{
+    // Test that references are resolved when moving entries between databases
+    Database db1;
+    auto* root1 = db1.rootGroup();
+    Database db2;
+    auto* root2 = db2.rootGroup();
+
+    // Create original entry in database 1
+    auto* originalEntry = new Entry();
+    originalEntry->setGroup(root1);
+    originalEntry->setUuid(QUuid::createUuid());
+    originalEntry->setTitle("OriginalTitle");
+    originalEntry->setUsername("OriginalUsername");
+    originalEntry->setPassword("OriginalPassword");
+    originalEntry->setUrl("http://original.com");
+    originalEntry->setNotes("OriginalNotes");
+
+    // Create entry with references to original entry in database 1
+    auto* refEntry = new Entry();
+    refEntry->setGroup(root1);
+    refEntry->setUuid(QUuid::createUuid());
+    refEntry->setTitle(QString("{REF:T@I:%1}").arg(originalEntry->uuidToHex()));
+    refEntry->setUsername(QString("{REF:U@I:%1}").arg(originalEntry->uuidToHex()));
+    refEntry->setPassword(QString("{REF:P@I:%1}").arg(originalEntry->uuidToHex()));
+    refEntry->setUrl(QString("{REF:A@I:%1}").arg(originalEntry->uuidToHex()));
+    refEntry->setNotes(QString("{REF:N@I:%1}").arg(originalEntry->uuidToHex()));
+
+    // Add custom attribute with reference
+    refEntry->attributes()->set("CustomRef", QString("{REF:T@I:%1}").arg(originalEntry->uuidToHex()));
+
+    // Verify references work within same database
+    QCOMPARE(refEntry->resolveMultiplePlaceholders(refEntry->title()), QString("OriginalTitle"));
+    QCOMPARE(refEntry->resolveMultiplePlaceholders(refEntry->username()), QString("OriginalUsername"));
+    QCOMPARE(refEntry->resolveMultiplePlaceholders(refEntry->password()), QString("OriginalPassword"));
+    QCOMPARE(refEntry->resolveMultiplePlaceholders(refEntry->url()), QString("http://original.com"));
+    QCOMPARE(refEntry->resolveMultiplePlaceholders(refEntry->notes()), QString("OriginalNotes"));
+    QCOMPARE(refEntry->resolveMultiplePlaceholders(refEntry->attributes()->value("CustomRef")),
+             QString("OriginalTitle"));
+
+    // Verify the attributes still contain references (not yet resolved)
+    QVERIFY(refEntry->attributes()->isReference(EntryAttributes::TitleKey));
+    QVERIFY(refEntry->attributes()->isReference(EntryAttributes::UserNameKey));
+    QVERIFY(refEntry->attributes()->isReference(EntryAttributes::PasswordKey));
+    QVERIFY(refEntry->attributes()->isReference(EntryAttributes::URLKey));
+    QVERIFY(refEntry->attributes()->isReference(EntryAttributes::NotesKey));
+    QVERIFY(refEntry->attributes()->isReference("CustomRef"));
+
+    // Move the referenced entry to database 2
+    // This should resolve the references before the move
+    refEntry->setGroup(root2);
+
+    // After move, the entry should have resolved values instead of references
+    QCOMPARE(refEntry->title(), QString("OriginalTitle"));
+    QCOMPARE(refEntry->username(), QString("OriginalUsername"));
+    QCOMPARE(refEntry->password(), QString("OriginalPassword"));
+    QCOMPARE(refEntry->url(), QString("http://original.com"));
+    QCOMPARE(refEntry->notes(), QString("OriginalNotes"));
+    QCOMPARE(refEntry->attributes()->value("CustomRef"), QString("OriginalTitle"));
+
+    // Verify that the references have been replaced with actual values
+    QVERIFY(!refEntry->attributes()->isReference(EntryAttributes::TitleKey));
+    QVERIFY(!refEntry->attributes()->isReference(EntryAttributes::UserNameKey));
+    QVERIFY(!refEntry->attributes()->isReference(EntryAttributes::PasswordKey));
+    QVERIFY(!refEntry->attributes()->isReference(EntryAttributes::URLKey));
+    QVERIFY(!refEntry->attributes()->isReference(EntryAttributes::NotesKey));
+    QVERIFY(!refEntry->attributes()->isReference("CustomRef"));
+
+    // Test case where original entry doesn't exist (should keep the reference string)
+    auto* orphanEntry = new Entry();
+    orphanEntry->setGroup(root1);
+    orphanEntry->setUuid(QUuid::createUuid());
+    orphanEntry->setTitle("{REF:T@I:NONEXISTENTUUID}");
+
+    // Move orphan entry - the unresolvable reference should remain unchanged
+    orphanEntry->setGroup(root2);
+    QCOMPARE(orphanEntry->title(), QString("{REF:T@I:NONEXISTENTUUID}"));
+}
+
 void TestEntry::testIsRecycled()
 {
     auto entry = new Entry();

tests/TestEntry.h

@@ -39,6 +39,7 @@ private slots:
     void testResolveConversionPlaceholders();
     void testResolveReplacePlaceholders();
     void testResolveClonedEntry();
+    void testCrossDatabaseReferences();
     void testIsRecycled();
     void testMoveUpDown();
     void testPreviousParentGroup();

tests/TestEntrySearcher.cpp

@@ -18,6 +18,7 @@
 #include "TestEntrySearcher.h"
 #include "core/Group.h"
 #include "core/Tools.h"
+#include "core/Totp.h"
 
 #include <QTest>
 
@@ -394,3 +395,42 @@ void TestEntrySearcher::testUUIDSearch()
     m_searchResult = m_entrySearcher.search("uuid:" + Tools::uuidToHex(uuid1), m_rootGroup);
     QCOMPARE(m_searchResult.count(), 1);
 }
+
+void TestEntrySearcher::testTotpSearch()
+{
+    auto entry1 = new Entry();
+    entry1->setGroup(m_rootGroup);
+    entry1->setTitle("Regular Entry");
+
+    auto entry2 = new Entry();
+    entry2->setGroup(m_rootGroup);
+    entry2->setTitle("TOTP Entry");
+    // Set up TOTP on entry2
+    auto totpSettings = Totp::createSettings("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ", 6, 30);
+    entry2->setTotp(totpSettings);
+
+    auto entry3 = new Entry();
+    entry3->setGroup(m_rootGroup);
+    entry3->setTitle("Another TOTP Entry");
+    // Set up TOTP on entry3
+    auto totpSettings2 = Totp::createSettings("MFRGG43UEBUXGIDBKRWXAZLSMUQGG6LQ", 6, 30);
+    entry3->setTotp(totpSettings2);
+
+    // Test searching for TOTP entries
+    m_searchResult = m_entrySearcher.search("has:totp", m_rootGroup);
+    QCOMPARE(m_searchResult.count(), 2);
+    QVERIFY(m_searchResult.contains(entry2));
+    QVERIFY(m_searchResult.contains(entry3));
+    QVERIFY(!m_searchResult.contains(entry1));
+
+    // Test case insensitive search
+    m_searchResult = m_entrySearcher.search("has:TOTP", m_rootGroup);
+    QCOMPARE(m_searchResult.count(), 2);
+
+    // Test excluding TOTP entries
+    m_searchResult = m_entrySearcher.search("!has:totp", m_rootGroup);
+    QCOMPARE(m_searchResult.count(), 1);
+    QVERIFY(m_searchResult.contains(entry1));
+    QVERIFY(!m_searchResult.contains(entry2));
+    QVERIFY(!m_searchResult.contains(entry3));
+}

tests/TestEntrySearcher.h

@@ -39,6 +39,7 @@ private slots:
     void testGroup();
     void testSkipProtected();
     void testUUIDSearch();
+    void testTotpSearch();
 
 private:
     Group* m_rootGroup;

tests/TestPasskeys.cpp

@@ -1,5 +1,5 @@
 /*
- *  Copyright (C) 2024 KeePassXC Team <team@keepassxc.org>
+ *  Copyright (C) 2025 KeePassXC Team <team@keepassxc.org>
  *
  *  This program is free software: you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -440,12 +440,12 @@ void TestPasskeys::testGet()
     auto response = publicKeyCredential["response"].toObject();
     QCOMPARE(response["authenticatorData"].toString(), QString("dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvAFAAAAAA"));
     QCOMPARE(response["clientDataJSON"].toString(),
-             QString("eyJjaGFsbGVuZ2UiOiI5ejM2dlRmUVRMOTVMZjdXblpneXRlN29oR2VGLVhSaUx4a0wtTHVHVTF6b3BSbU1JVUExTFZ3ekdwe"
-                     "UltMWZPQm4xUW5SYTBRSDI3QURBYUpHSHlzUSIsImNyb3NzT3JpZ2luIjpmYWxzZSwib3JpZ2luIjoiaHR0cHM6Ly93ZWJhdX"
-                     "Robi5pbyIsInR5cGUiOiJ3ZWJhdXRobi5nZXQifQ"));
+             QString("eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiOXozNnZUZlFUTDk1TGY3V25aZ3l0ZTdvaEdlRi1YUmlMeGtML"
+                     "Ux1R1Uxem9wUm1NSVVBMUxWd3pHcHlJbTFmT0JuMVFuUmEwUUgyN0FEQWFKR0h5c1EiLCJvcmlnaW4iOiJodHRwczovL3dlYm"
+                     "F1dGhuLmlvIiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ"));
     QCOMPARE(
         response["signature"].toString(),
-        QString("MEUCIHFv0lOOGGloi_XoH5s3QDSs__8yAp9ZTMEjNiacMpOxAiEA04LAfO6TE7j12XNxd3zHQpn4kZN82jQFPntPiPBSD5c"));
+        QString("MEYCIQCpbDaYJ4b2ofqWBxfRNbH3XCpsyao7Iui5lVuJRU9HIQIhAPl5moNZgJu5zmurkKK_P900Ct6wd3ahVIqCEqTeeRdE"));
 
     auto clientDataJson = response["clientDataJSON"].toString();
     auto clientDataByteArray = browserMessageBuilder()->getArrayFromBase64(clientDataJson);

tests/TestUrlTools.cpp

@@ -160,6 +160,7 @@ void TestUrlTools::testIsUrlValidWithLooseComparison()
     urls["https://example.*"] = false;
     urls["https://*.example.*"] = false;
     urls["https://example.c*"] = false;
+    urls["https://myowndomain:8000"] = true;
 
     QHashIterator<QString, bool> i(urls);
     while (i.hasNext()) {

utils/keepassxc-kdewallet

@@ -9,14 +9,14 @@ KEEPASSXC=$(which -a keepassxc | sed -e "\\,$0,d" -e 'q')
 
 daemon_main() {
   # open kdewallet
-  handle=$(qdbus org.kde.kwalletd5 /modules/kwalletd5 org.kde.KWallet.open kdewallet 0 "$PROG")
-  while [[ true != $(qdbus org.kde.kwalletd5 /modules/kwalletd5 org.kde.KWallet.isOpen kdewallet) ]]; do
+  handle=$(qdbus6 org.kde.kwalletd6 /modules/kwalletd6 open kdewallet 0 "$PROG")
+  while [[ true != $(qdbus6 org.kde.kwalletd6 /modules/kwalletd6 isOpen kdewallet) ]]; do
     sleep 1
   done
 
   declare -A DBs
   for DBPATH in $(ls -r $KDBX_SEARCH); do
-    DBs[$(realpath $DBPATH)]=$(qdbus org.kde.kwalletd5 /modules/kwalletd5 org.kde.KWallet.readPassword "$handle" "Passwords" "${DBPATH##*/}" "$PROG")
+    DBs[$(realpath $DBPATH)]=$(qdbus6 org.kde.kwalletd6 /modules/kwalletd6 readPassword "$handle" "Passwords" "${DBPATH##*/}" "$PROG")
   done
 
   # launch real keepassxc
@@ -24,7 +24,7 @@ daemon_main() {
   "$KEEPASSXC" --pw-stdin "${!DBs[@]}" <<<"${DBs[*]}" &
 
   # done with kdewallet
-  qdbus org.kde.kwalletd5 /modules/kwalletd5 org.kde.KWallet.close "$handle" "false" "$PROG"
+  qdbus6 org.kde.kwalletd6 /modules/kwalletd6 close "$handle" "false" "$PROG"
 }
 
 if [[ $1 == '-d' ]]; then