KeePass Help Center KeePass Home | Downloads | Translations | Plugins | Donate 
Help Center Home | Forums | Awards | Links 

Repairing Databases

KeePass can repair corrupted databases in some cases.

KeePass has quite some features to avoid database file corruption (transacted database writing, device buffer flushing, ...). However, data corruption can still be caused by other programs, the system or broken storage devices (note that KeePass by default is verifying the integrity of database files immediately after writing them, i.e. at this point of time, KeePass guarantees file integrity; however, KeePass of course can't do anything when the data becomes corrupted/unreadable at a later point of time).

In these cases, the database repair functionality might help you. Here, KeePass tries to read as much data as possible from the corrupted file.

Warning In repair mode, the integrity of the data is not checked (in order to rescue as much data as possible). When no integrity checks are performed, corrupted/malicious data might be incorporated into the database. Thus the repair functionality should only be used when there really is no other solution. If you use it, afterwards you should thoroughly check your whole database for corrupted/malicious data.

KeePass 1.x Only
In KeePass 1.x, the repair functionality can be found in 'Tools''Repair Database File...'.

KeePass 2.x Only
In order to use the repair functionality in KeePass 2.x, first create a new database file. Then, go 'File''Import' and import the corrupted database file, using 'KeePass KDBX (2.x) (Repair Mode)' as format.

Anyway, if you've lost the master key for the database, the repair functionality cannot help you. Also, if the header of the database (first few bytes) is corrupted, you're out of luck, too: the repair functionality won't be able to restore any entries (because the header contains information required to decrypt the database).

The repair functionality should be seen as last hope. Regularly making backups of your databases is much better and has to be preferred. Backups have no cryptographic security implications. There are plugins that automate the backup process, see the KeePass plugins page.

File Header/Signature

If your database file has been deleted and you want to try recovering it using a tool that supports a file header/signature detection: below you can find the first bytes (in hex notation) with which all database files begin.

  • KeePass 1.x KDB File:
    03 D9 A2 9A 65 FB 4B B5
  • KeePass 2.x KDBX File:
    03 D9 A2 9A 67 FB 4B B5

The file header does not contain a field that specifies the length of the file. If the length cannot be determined from the file system, try to recover sufficiently much data (i.e. the database file data and maybe some subsequent, unnecessary data) and use the repair functionality above, which will simply ignore any subsequent data.

Get KeePass