keepassxc
From Whonix
Installation
Recommended to be installed inside an offline VM (vault). [1] When you want to use keepassxc as a replacement for Google Authenticator (actually TOTP, Time-based One-Time Password, Two Factor Authentication (2FA)), a Debian based VM is more suitable than a Whonix-Workstation ™ based VM. [2]
The packages yubikey-personalization and yubikey-personalization-gui are YubiKey related. Users not using YubiKey can skip installation of these packages and install keepassxc only.
Install keepassxc yubikey-personalization yubikey-personalization-gui.
1. Update the package lists.
sudo apt-get update
2. Upgrade the system.
sudo apt-get dist-upgrade
3. Install the keepassxc yubikey-personalization yubikey-personalization-gui packages.
Using the apt-get command line parameter --no-install-recommends is in most cases optional.
sudo apt-get install --no-install-recommends keepassxc yubikey-personalization yubikey-personalization-gui
The procedure of installing keepassxc yubikey-personalization yubikey-personalization-gui is complete.
Autostart
Optional. If you would like to autostart keepassxc.
Create the folder ~/.config/autostart/.
mkdir -p ~/.config/autostart/
Open ~/.config/autostart/keepassxc.desktop in an editor as a regular, non-root user.
If you are using a graphical environment, run.
mousepad ~/.config/autostart/keepassxc.desktop
If you are using a terminal, run.
nano ~/.config/autostart/keepassxc.desktop
Paste the following content.
[Desktop Entry]
Type=Application
Name=keepassxc
Exec=keepassxc
Save.
The process is now complete.
Usage
1. Use of an offline VM (vault) is recommended.
2. Make sure the clock is correct.
Whonix-Workstation ™ is unsuitable due to Boot Clock Randomization and sdwdate clock randomization. (Unless disabled and offline.)
3. To start.
keepassxc
4. Create a new database.
5. Default file name Passwords.kdbx is ok.
If you are using Full Disk Encryption you might want to use a very easy password. Up to you.
6. Left click on root.
7. Menu → Entries → Add new entry → under Title: write any name (such as test) → OK.
8. Right click on the new entry (such as test) → Time-based one-time password → set up TOTP → Default RFC 6238 token settings → paste 2FA code → OK.
9. Right click on the new entry (such as test) → Time-based one-time password → show TOTP.
Time Fix
The 2FA TOTP code changes every 30 seconds, so the clock needs to be reasonably correct.
Troubleshooting only. If the code does not match.
Set timezone to UTC for simplicity.
sudo cp /usr/share/zoneinfo/Etc/UTC /etc/localtime
Go to https://www.timeanddate.com/worldclock/timezone/utc or any other similar source to find out the time in UTC.
Fix the clock. Change the date and time accordingly!
sudo date -s "26 SEPT 2018 11:54:25"
Check if the clock is correct now.
date
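Why the clock matters, as an added example that is not part of the original wiki page: a minimal RFC 6238 implementation with the default token settings (HMAC-SHA1, 30-second step, 6 digits) showing how clock drift changes the generated code. The secret is the RFC 6238 test key, and the ±1 step verifier tolerance in accepted() is an assumption; services choose their own window.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 Appendix B test key, base32-encoded the way a service presents it.
# Sample value for illustration only, not a real account secret.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 (the 'Default RFC 6238 token settings')."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # restore stripped padding
    key = base64.b32decode(cleaned)
    counter = int(unix_time) // step              # the only time-dependent input
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def step_drift(true_time, local_time, step=30):
    """Whole time steps the local clock is ahead (+) or behind (-)."""
    return int(local_time) // step - int(true_time) // step


def accepted(secret_b32, true_time, local_time, window=1, step=30):
    """True if a code generated at local_time passes a verifier at true_time
    that tolerates +/- `window` steps (the window size is an assumption)."""
    code = totp(secret_b32, local_time, step)
    base = int(true_time) // step
    return any(totp(secret_b32, (base + d) * step, step) == code
               for d in range(-window, window + 1))


if __name__ == "__main__":
    now = 1111111109                              # RFC 6238 test time
    for skew in (0, 2, 25, 600):
        local = now + skew
        print(f"skew {skew:>4}s  drift {step_drift(now, local):>3} steps  "
              f"code {totp(SAMPLE_SECRET, local)}  "
              f"accepted={accepted(SAMPLE_SECRET, now, local)}")
```

A skew of only 2 seconds already yields a different code when it crosses a 30-second boundary; a small drift usually still verifies, while the larger offsets introduced by clock randomization do not.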
Getting the Browser Extension To Work
Community Support Only!
Install the browser addon from https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser/
(OPTIONAL) Install a more recent version of keepassxc (See https://backports.debian.org/Instructions/)
Create the following symlink to get the proxy to work:
cd ~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/.mozilla
ln -s /home/user/.mozilla/native-messaging-hosts native-messaging-hosts
Notes:
If the .mozilla folder does not exist, create it.
Also take a look at https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide
Footnotes
- ↑
- In Qubes, apt-get package installation could be done in TemplateVM.
- In Qubes, download and verification could be done in a temporary TemplateBased AppVM, ideally Qubes/DisposableVM. Then move to offline vault VM.
- In Non-Qubes-Whonix ™: install first, then disconnect internet and never re-enable internet access. TODO document
- ↑ Because accurate time is required for TOTP and due to Boot Clock Randomization and sdwdate anonymizing time.
- ↑ https://addons.mozilla.org/de/firefox/addon/passifox/
Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself.