keepassxc
From Whonix
Documentation for this is incomplete. Contributions are happily considered!
Installation[edit]
Recommended to be installed inside an offline VM (vault). [1] When you want to keepassxc as replacement for Google Authenticator (actually TTOP, Time based One Time Password) Two Factor Authentication (2FA)) then a Debian based VM is more suitable than a Whonix-Workstation ™ based VM. [2]
Packages yubikey-personalization yubikey-personalization-gui are YubiKey related. Users not using YubiKey can skip installation of these packages and install keepassxc only.
Install keepassxc yubikey-personalization yubikey-personalization-gui.
1. Update the package lists.
sudo apt-get update
2. Upgrade the system.
sudo apt-get dist-upgrade
3. Install the keepassxc yubikey-personalization yubikey-personalization-gui package.
Using apt-get command line parameter --no-install-recommends is in most cases optional.
sudo apt-get install --no-install-recommends keepassxc yubikey-personalization yubikey-personalization-gui
The procedure of installing keepassxc yubikey-personalization yubikey-personalization-gui is complete.
Autostart[edit]
Optional. If you like to autostart keepassxc.
Create folder ~/.config/autostart/.
mkdir -p ~/.config/autostart/
Open ~/.config/autostart/keepassxc.desktop in an editor as a regular, non-root user.
If you are using a graphical environment, run.
mousepad ~/.config/autostart/keepassxc.desktop
If you are using a terminal, run.
nano ~/.config/autostart/keepassxc.desktop
Paste the following content.
[Desktop Entry] Type=Application Name=keepassxc Exec=keepassxc
Save.
The process is now complete.
Usage[edit]
1. Use of an offline VM (vault) is recommended.
2. Make sure clock is correct.
Whonix-Workstation ™ is unsuitable due to Boot Clock Randomization and sdwdate clock randomization. (Unless disabled and offline.)
3. To start.
keepassxc
4. Create a new database.
5. Default file name Passwords.kdbx is ok.
If you are using Full Disk Encryption you might want to use a very easy password. Up to you.
6. Left click on root.
7. Menu → Entries → Add new entry → under Title: write any name name (such as test) → OK.
8. Right click on the new entry (such as test) → Time-based one-time password → set up TOTP → Default RFC 6238 token settings → paste 2FA code → OK.
9. Right click on the new entry (such as test) → Time-based one-time password → show TOTP.
Time Fix[edit]
2FA TTOP code changes every 30 seconds. So clock needs to be reasonable correct.
Troubleshoting only. If code does not match.
Set timezone to UTC for simplicity.
sudo cp /usr/share/zoneinfo/Etc/UTC /etc/localtime
Go to https://www.timeanddate.com/worldclock/timezone/utc [archive] or any other similar source to find out the time in UTC.
Fix the click. Change the date and time accordingly!
sudo date -s "26 SEPT 2018 11:54:25"
Check if the clock is correct now.
date
Getting the Browser Extension To Work[edit]
| Community Support Only!: | |
|---|---|
|
|
Install the browser addon from https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser/ [archive]
(OPTIONAL) Install a more recent version of keepassxc (See https://backports.debian.org/Instructions/ [archive])
Create the following symlink to get the proxy to work:
cd ~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/.mozilla
ln -s /home/user/.mozilla/native-messaging-hosts native-messaging-hosts
Notes:
If the .mozilla folder does not exist, create it.
Also take a look at https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide [archive]
Footnotes[edit]
- ↑
- In Qubes, apt-get package installation could be done in TemplateVM.
- In Qubes, download and verification could be done in a temporary TemplateBased AppVM, ideally Qubes/DisposableVM. Then move to offline vault VM.
- In Non-Qubes-Whonix ™: install first, then disconnect internet and never re-enable internet access. TODO document
- ↑ Because accurate time required for TTOP and due to Boot Clock Randomization and sdwdate anonymizing time.
- ↑ https://addons.mozilla.org/de/firefox/addon/passifox/ [archive]
Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.
Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki
Love Whonix ™ and want to help spread the word? You can start by telling your friends or posting news about Whonix ™ on your website, blog or social media.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.
Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.
Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].
Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.