keepassxc-cli not opening database

Question

My password is stored in a file and I need to automate the unlocking of the KeepassXC DB using CLI interface with a simple command on Windows (PowerShell preferably).

Get-Content -Encoding UTF8 L:\k.txt | .\keepassxc-cli.exe open --key-file '.\temp.keyx' '.\temp.kdbx'

But I keep getting the following error saying incorrect password:

Error while reading the database: Invalid credentials were provided, please try again.
If this reoccurs, then your database file may be corrupt. (HMAC mismatch)

Now, If I just run Get-Content command and copy the output as following:

Get-Content -Encoding UTF8 L:\k.txt | Set-Clipboard

and paste in the KeepassXC GUI, it works (DB get unlocked, meaning the password is correct, and the database file is not corrupted), but if I paste it in the password prompt in the CLI it doesn't work, and I get the above error message.

Why so? Is this a bug in the CLI, or am I doing something wrong?

Answer 1

Based on the answer by @harrymc, I looked at ways to change the default code page for PowerShell and based on this answer by setting
$OutputEncoding = [System.Text.UTF8Encoding]::new(),
I was able to change the code page to 65001-UTF8 for that shell session.

The Command:
Get-Content -Encoding UTF8 L:\k.txt | .\keepassxc-cli.exe open --key-file '.\temp.keyx' '.\temp.kdbx' doesn't work, meaning a shell prompt appears, which is unresponsive (No input from keyboard or mouse is reflected in the prompt), and also the database still appears locked globally.

But another command:
Get-Content -Encoding UTF8 L:\k.txt | .\keepassxc-cli.exe show --key-file '.\temp.keyx' '.\temp.kdbx' 'stackoverflow'
Shows the properties of the entry as stored in the database, implying the database was unlocked successfully.

Some other commands such as keepassxc-cli.exe ls <database> and keepassxc-cli.exe search <database> 'user@outlook.com' also work successfully.

Answer 2

I think you have run into thus bug-report:
DB impossible to open with keepassxc-cli when using non-ASCII (UTF-8) chars in passphrase : #2413.

The poster concluded with these words :

I found the problem. When run from cmd or PowerShell, the input and output encoding is cp850, which is the DOS codepage, instead of cp1252 which is used for GUI applications. When run from a cygwin/Msys2 bash, the encoding is UTF-8, which isn't the system encoding reported by Qt either.

I suggest to avoid non-ASCII characters in your pass-phrase/password, since they are not correctly piped to keepassxc-cli. By copying and pasting these characters, you have used the UTF8 encoding all the way through, so conserved these characters.