Multi Cert KeyProvider Plugin

MultiCertKeyProvider is a KeyProvider Plugin for KeePass.

It allows KeePass to use an AES-Key, which is encrypted with the X509-Certificate (use RSA-Keys) of one or more users stored in a XML-File ([database].kmx), as a master key source.

After the selection of a X509-Certificate, it searchs the XML-File for the certificates subject, gets the respective, encrpyted AES-Key and decrypt it with the certificate. KeePass will use the returned decrypted AES-Key along with the other given credentials (like password, keyfile) for encrypting your passwords.

Each XML-Entry within the XML-File represents one with a X509-Certificate encrypted AES-Key. For maintaining the XML-Entries within the XML-File, containing the AES-Key encrpyted with one or more X509-Certificates, the application KeyManagerRSA could be used (see Menu).

Example for the file content (simplified):

      <subject>User 1 </subject>
      <subject>User 1+n </subject>

For more information about KeePass Security, please have a look at the KeePass Security Page.


  • Windows Operatingsystem
  • KeePass (Version 2.0.9 or above, Download)
  • X509-Certificate (with Usage DataEncipherment enabled)


The last, most recent version can be found here (source).

Change Log

Version 0.1
 - initial Version

Version 0.2
 - Changing file-extension from *.xml to *.kmx