Actions

keepassxc

From Whonix



Ambox warning pn.svg.png Documentation for this is incomplete. Contributions are happily considered!

Installation[edit]

Recommended to be installed inside an offline VM (vault). [1] When you want to keepassxc as replacement for Google Authenticator (actually TTOP, Time based One Time Password) Two Factor Authentication (2FA)) then a Debian based VM is more suitable than a Whonix-Workstation ™ based VM. [2]

Packages yubikey-personalization yubikey-personalization-gui are YubiKey related. Users not using YubiKey can skip installation of these packages and install keepassxc only.

1. Update the package lists.

sudo apt-get update

2. Upgrade the system.

sudo apt-get dist-upgrade

3. Install the keepassxc yubikey-personalization yubikey-personalization-gui package.

sudo apt-get install keepassxc yubikey-personalization yubikey-personalization-gui

The procedure is complete.

[3]

Autostart[edit]

Optional. If you like to autostart keepassxc.

Create folder ~/.config/autostart/.

mkdir -p  ~/.config/autostart/

Open ~/.config/autostart/keepassxc.desktop in an editor as a regular, non-root user.

If you are using a graphical environment, run.

mousepad ~/.config/autostart/keepassxc.desktop

If you are using a terminal, run.

nano ~/.config/autostart/keepassxc.desktop

Paste the following content.

[Desktop Entry]
Type=Application
Name=keepassxc
Exec=keepassxc

Save.

The process is now complete.

Usage[edit]

To start.

keepassxc

First run question: either answer is ok.

Create a new database.

Default file name Passwords.kdbx is ok.

If you are using Full Disk Encryption you might want to use a very easy password. Up to you.

Left click one time on root

Then go to menu → entries → Add new entry → any name name as test → ok

right click on test → time based on time password → set up TOTP → Default → paste 2FA code → ok

right click on test again → time based on time password → show TOTP

Time Fix[edit]

2FA TTOP code changes every 30 seconds. So clock needs to be reasonable correct.

Troubleshoting only. If code does not match.

Set timezone to UTC for simplicity.

sudo cp /usr/share/zoneinfo/Etc/UTC /etc/localtime

Go to https://www.timeanddate.com/worldclock/timezone/utc [archive] or any other similar source to find out the time in UTC.

Fix the click. Change the date and time accordingly!

sudo date -s "26 SEPT 2018 11:54:25"

Check if the clock is correct now.

date

Footnotes[edit]

    • In Qubes, apt-get package installation could be done in TemplateVM.
    • In Qubes, download and verification could be done in a temporary TemplateBased AppVM, ideally Qubes/DisposableVM. Then move to offline vault VM.
    • In Non-Qubes-Whonix ™: install first, then disconnect internet and never re-enable internet access. TODO document
  1. Because accurate time required for TTOP and due to Boot Clock Randomization and sdwdate anonymizing time.
  2. https://addons.mozilla.org/de/firefox/addon/passifox/ [archive]


Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png

Share: Twitter | Facebook

Have you contributed [archive] to Whonix ™? If so, feel free to add your name and highlight what you did on the Whonix authorship [archive] page.

https [archive] | (forcing) onion [archive]

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.