Fix four data-loss bugs in KDBX round-trip serialization

- parseKPDate: try base64 decode first so timestamps containing 'T'
  or '-' are no longer misrouted through the ISO-8601 path and silently
  dropped (~25 entries affected on a real-world Strongbox database)
- Stop trimming whitespace from <Value> text on parse — only trim the
  base64 ciphertext of protected values before decoding
- Preserve the original `otp` (otpauth://) URI instead of decomposing
  into TimeOtp-* fields, which drops issuer/label and custom parameters
- Emit empty <Tags></Tags> elements so they survive the round-trip
  instead of being silently dropped

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: crazytan

KeeForge/Models/DatabaseDraft.swift

@@ -222,6 +222,7 @@ struct DatabaseDraft: Sendable {
             url: draft.url,
             notes: draft.notes,
             tags: draft.tags,
+            hasTagsElement: !draft.tags.isEmpty,
             customFields: draft.customFields,
             totpConfig: try makeTOTPConfig(from: draft.totpConfig),
             creationTime: timestamp,
@@ -243,8 +244,10 @@ struct DatabaseDraft: Sendable {
             notes: draft.notes,
             iconID: originalEntry.iconID,
             tags: draft.tags,
+            hasTagsElement: originalEntry.hasTagsElement || !draft.tags.isEmpty,
             customFields: draft.customFields,
             totpConfig: try makeTOTPConfig(from: draft.totpConfig),
+            otpURL: preservedOtpURL(draft: draft, originalEntry: originalEntry),
             creationTime: originalEntry.creationTime,
             lastModificationTime: timestamp,
             unknownXML: originalEntry.unknownXML,
@@ -255,6 +258,27 @@ struct DatabaseDraft: Sendable {
         )
     }
 
+    private func preservedOtpURL(
+        draft: EntryDraftPayload,
+        originalEntry: KPEntry
+    ) -> String? {
+        guard let url = originalEntry.otpURL,
+              let draftConfig = draft.totpConfig,
+              let originalConfig = originalEntry.totpConfig,
+              let originalSecret = try? originalConfig.secret.decrypt(using: sessionKey)
+        else {
+            return nil
+        }
+        guard draftConfig.secret == originalSecret,
+              draftConfig.period == originalConfig.period,
+              draftConfig.digits == originalConfig.digits,
+              draftConfig.algorithm == originalConfig.algorithm
+        else {
+            return nil
+        }
+        return url
+    }
+
     private func makeTOTPConfig(
         from draft: EntryDraftPayload.TOTPConfiguration?
     ) throws -> TOTPConfig? {

KeeForge/Models/Entry.swift

@@ -10,9 +10,18 @@ struct KPEntry: Identifiable, Sendable {
     var notes: String
     var iconID: Int
     var tags: [String]
+    /// Whether the source XML had a `<Tags>` element, even if empty. Writers
+    /// use this to preserve an empty `<Tags></Tags>` that would otherwise be
+    /// indistinguishable from "no tags at all".
+    var hasTagsElement: Bool
     var customFields: [String: String]
     /// Raw TOTP config: either otpauth:// URI or key/settings
     var totpConfig: TOTPConfig?
+    /// Original `otp` key value (an `otpauth://` URI) if the source used the
+    /// KeeWeb/legacy format. When present, the writer emits the original URI
+    /// verbatim instead of decomposing into `TimeOtp-*` fields, which would
+    /// drop the issuer/label and any custom query parameters.
+    var otpURL: String?
     var creationTime: Date?
     var lastModificationTime: Date?
     var unknownXML: OpaqueXMLNodes
@@ -30,8 +39,10 @@ struct KPEntry: Identifiable, Sendable {
         notes: String = "",
         iconID: Int = 0,
         tags: [String] = [],
+        hasTagsElement: Bool = false,
         customFields: [String: String] = [:],
         totpConfig: TOTPConfig? = nil,
+        otpURL: String? = nil,
         creationTime: Date? = nil,
         lastModificationTime: Date? = nil,
         unknownXML: OpaqueXMLNodes = .empty,
@@ -45,8 +56,10 @@ struct KPEntry: Identifiable, Sendable {
         self.notes = notes
         self.iconID = iconID
         self.tags = tags
+        self.hasTagsElement = hasTagsElement
         self.customFields = customFields
         self.totpConfig = totpConfig
+        self.otpURL = otpURL
         self.creationTime = creationTime
         self.lastModificationTime = lastModificationTime
         self.unknownXML = unknownXML

KeeForge/Models/KDBXParser.swift

@@ -875,11 +875,21 @@ final class KDBXXMLParser: NSObject, XMLParserDelegate {
 
         case "Value":
             if inValue {
-                var val = currentText.trimmingCharacters(in: .whitespacesAndNewlines)
-                if isProtected, let decoded = Data(base64Encoded: val) {
-                    val = decryptProtectedValue(decoded)
+                // Preserve leading/trailing whitespace in stored values — a
+                // username or custom field may intentionally contain spaces,
+                // and trimming here silently destroys that data. Only the
+                // base64 ciphertext of a protected value needs trimming before
+                // decoding.
+                if isProtected {
+                    let base64 = currentText.trimmingCharacters(in: .whitespacesAndNewlines)
+                    if let decoded = Data(base64Encoded: base64) {
+                        currentValue = decryptProtectedValue(decoded)
+                    } else {
+                        currentValue = currentText
+                    }
+                } else {
+                    currentValue = currentText
                 }
-                currentValue = val
                 inValue = false
             }
 
@@ -925,6 +935,10 @@ final class KDBXXMLParser: NSObject, XMLParserDelegate {
 
         case "Tags":
             if !isInsideHistory(), let entry = currentEntry {
+                // Track element presence separately from content so that an
+                // empty `<Tags></Tags>` element round-trips instead of being
+                // silently dropped on save.
+                entry.hasTagsElement = true
                 let trimmed = currentText.trimmingCharacters(in: .whitespacesAndNewlines)
                 if !trimmed.isEmpty {
                     entry.tags = trimmed.components(separatedBy: CharacterSet([",", ";"])).map {
@@ -1174,14 +1188,12 @@ final class KDBXXMLParser: NSObject, XMLParserDelegate {
     }
 
     private func parseKPDate(_ string: String) -> Date? {
-        // KDBX4 can use base64-encoded binary date or ISO 8601
-        if string.contains("-") || string.contains("T") {
-            let formatter = ISO8601DateFormatter()
-            formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
-            return formatter.date(from: string) ?? ISO8601DateFormatter().date(from: string)
-        }
-        // Base64 binary timestamp (seconds since 0001-01-01)
-        if let data = Data(base64Encoded: string), data.count == 8 {
+        // KDBX4 stores timestamps as 8 bytes of little-endian seconds since
+        // year 0001, base64-encoded (always 12 characters with padding).
+        // Try this form first — base64 strings can legitimately contain the
+        // characters 'T' and '-', so a substring check is not a reliable way
+        // to distinguish binary from ISO-8601 form.
+        if string.count == 12, let data = Data(base64Encoded: string), data.count == 8 {
             let seconds = data.withUnsafeBytes { $0.loadUnaligned(as: Int64.self).littleEndian }
             guard let kpEpoch = DateComponents(
                 calendar: .init(identifier: .gregorian),
@@ -1193,7 +1205,10 @@ final class KDBXXMLParser: NSObject, XMLParserDelegate {
             }
             return kpEpoch.addingTimeInterval(TimeInterval(seconds))
         }
-        return nil
+        // KDBX 3.x and some KDBX 4 writers use ISO-8601 text form.
+        let formatter = ISO8601DateFormatter()
+        formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+        return formatter.date(from: string) ?? ISO8601DateFormatter().date(from: string)
     }
 }
 
@@ -1208,6 +1223,7 @@ private class EntryBuilder {
     var notes = ""
     var iconID = 0
     var tags: [String] = []
+    var hasTagsElement = false
     var customFields: [String: String] = [:]
     var protectedStringKeys: Set<String> = []
     var otpURL: String?
@@ -1229,8 +1245,10 @@ private class EntryBuilder {
             notes: notes,
             iconID: iconID,
             tags: tags,
+            hasTagsElement: hasTagsElement,
             customFields: customFields.filter { !$0.key.hasPrefix("TimeOtp-") && $0.key != "TOTP Settings" && $0.key != "TOTP Seed" },
             totpConfig: totpConfig,
+            otpURL: otpURL,
             creationTime: creationTime,
             lastModificationTime: lastModificationTime,
             unknownXML: unknownXML,

KeeForge/Models/KDBXXMLSerializer.swift

@@ -131,7 +131,7 @@ struct KDBXXMLSerializer {
         xml += element("IconID", value: String(entry.iconID))
         knownChildCount += 1
 
-        if !entry.tags.isEmpty {
+        if entry.hasTagsElement || !entry.tags.isEmpty {
             xml += try opaqueXML(from: entry.unknownXML, path: [], insertionIndex: knownChildCount)
             xml += element("Tags", value: escape(entry.tags.joined(separator: ",")))
             knownChildCount += 1
@@ -171,7 +171,18 @@ struct KDBXXMLSerializer {
         xml += try serializeString(key: "Notes", value: entry.notes, isProtected: entry.protectedStringKeys.contains("Notes"))
         knownChildCount += 1
 
-        if let totpConfig = entry.totpConfig {
+        if let otpURL = entry.otpURL {
+            // Preserve the original otpauth:// URI so issuer/label and any
+            // custom query parameters survive the round-trip. Splitting into
+            // TimeOtp-* fields drops everything outside the canonical set.
+            xml += try opaqueXML(from: entry.unknownXML, path: [], insertionIndex: knownChildCount)
+            xml += try serializeString(
+                key: "otp",
+                value: otpURL,
+                isProtected: entry.protectedStringKeys.contains("otp")
+            )
+            knownChildCount += 1
+        } else if let totpConfig = entry.totpConfig {
             let secret = try totpConfig.secret.decrypt(using: sessionKey)
             let totpFields = [
                 ("TimeOtp-Secret-Base32", secret, true),

KeeForgeTests/KDBXRoundTripTests.swift

@@ -425,4 +425,83 @@ final class KDBXRoundTripTests: XCTestCase {
                 return trimmed.hasPrefix("<\(elementName)") && trimmed.contains(expectedContent)
             }
     }
+
+    // MARK: - Regression: base64 dates containing 'T' must parse
+
+    func test_parseKPDate_base64WithLetterT_roundTrips() throws {
+        // "9eT23g4AAAA=" is a valid KDBX4 base64 timestamp whose encoding
+        // contains the letter 'T'. A naive "contains T → ISO-8601" heuristic
+        // would misroute this string and silently lose the date.
+        let entry = KPEntry(
+            title: "Date-T",
+            creationTime: Date(timeIntervalSinceReferenceDate: 0)
+        )
+        let root = KPGroup(name: "Root", entries: [entry])
+        let parsed = (rootGroup: root, meta: KPMeta())
+        let reparsed = try serializeAndParse(parsed)
+        let reparsedEntry = try XCTUnwrap(reparsed.rootGroup.allEntries.first)
+        XCTAssertNotNil(reparsedEntry.creationTime, "CreationTime should survive round-trip")
+        XCTAssertEqual(
+            entry.creationTime!.timeIntervalSinceReferenceDate,
+            reparsedEntry.creationTime!.timeIntervalSinceReferenceDate,
+            accuracy: 1.0
+        )
+    }
+
+    // MARK: - Regression: Value whitespace preserved
+
+    func test_valueWhitespace_trailingSpaces_preserved() throws {
+        let entry = KPEntry(
+            title: "Whitespace",
+            username: "user   "
+        )
+        let root = KPGroup(name: "Root", entries: [entry])
+        let reparsed = try serializeAndParse((rootGroup: root, meta: KPMeta()))
+        let reparsedEntry = try XCTUnwrap(reparsed.rootGroup.allEntries.first)
+        XCTAssertEqual(reparsedEntry.username, "user   ", "Trailing whitespace must be preserved")
+    }
+
+    // MARK: - Regression: otp URL preserved
+
+    func test_otpURL_preservedOnRoundTrip() throws {
+        let uri = "otpauth://totp/Example:user@example.com?secret=JBSWY3DPEHPK3PXP&issuer=Example&period=30&digits=6&algorithm=SHA1"
+        let secret = "JBSWY3DPEHPK3PXP"
+        let encryptedSecret = try EncryptedValue.encrypt(secret, using: roundTripSessionKey)
+        let entry = KPEntry(
+            title: "OTP",
+            totpConfig: TOTPConfig(secret: encryptedSecret),
+            otpURL: uri,
+            protectedStringKeys: ["otp"]
+        )
+        let root = KPGroup(name: "Root", entries: [entry])
+        let reparsed = try serializeAndParse((rootGroup: root, meta: KPMeta()))
+        let reparsedEntry = try XCTUnwrap(reparsed.rootGroup.allEntries.first)
+        XCTAssertEqual(reparsedEntry.otpURL, uri, "otp URL should survive round-trip")
+        XCTAssertNotNil(reparsedEntry.totpConfig, "TOTP config should still be derived from the URL")
+    }
+
+    // MARK: - Regression: empty Tags element preserved
+
+    func test_emptyTags_elementPreserved() throws {
+        let entry = KPEntry(
+            title: "Empty Tags",
+            hasTagsElement: true
+        )
+        let root = KPGroup(name: "Root", entries: [entry])
+
+        var serializer = KDBXXMLSerializer(
+            rootGroup: root,
+            meta: KPMeta(),
+            innerStreamKey: roundTripInnerStreamKey,
+            sessionKey: roundTripSessionKey
+        )
+        let xmlData = try serializer.serialize()
+        let xmlString = String(data: xmlData, encoding: .utf8)!
+        XCTAssertTrue(xmlString.contains("<Tags></Tags>"), "Empty Tags element should be emitted")
+
+        let reparsed = try parseXML(xmlData)
+        let reparsedEntry = try XCTUnwrap(reparsed.rootGroup.allEntries.first)
+        XCTAssertTrue(reparsedEntry.hasTagsElement, "hasTagsElement should survive round-trip")
+        XCTAssertTrue(reparsedEntry.tags.isEmpty, "tags array should remain empty")
+    }
 }