keepassxc
From Whonix
Documentation for this is incomplete. Contributions are happily considered!
Installation[edit]
Recommended to be installed inside an offline VM (vault). [1] When you want to keepassxc as replacement for Google Authenticator (actually TTOP, Time based One Time Password) Two Factor Authentication (2FA)) then a Debian based VM is more suitable than a Whonix-Workstation ™ based VM. [2]
Packages yubikey-personalization yubikey-personalization-gui are YubiKey related. Users not using YubiKey can skip installation of these packages and install keepassxc only.
1. Update the package lists.
sudo apt-get update
2. Upgrade the system.
sudo apt-get dist-upgrade
3. Install the keepassxc yubikey-personalization yubikey-personalization-gui package.
sudo apt-get install keepassxc yubikey-personalization yubikey-personalization-gui
The procedure is complete.
Autostart[edit]
Optional. If you like to autostart keepassxc.
Create folder ~/.config/autostart/.
mkdir -p ~/.config/autostart/
Open ~/.config/autostart/keepassxc.desktop in an editor as a regular, non-root user.
If you are using a graphical environment, run.
mousepad ~/.config/autostart/keepassxc.desktop
If you are using a terminal, run.
nano ~/.config/autostart/keepassxc.desktop
Paste the following content.
[Desktop Entry] Type=Application Name=keepassxc Exec=keepassxc
Save.
The process is now complete.
Usage[edit]
To start.
keepassxc
First run question: either answer is ok.
Create a new database.
Default file name Passwords.kdbx is ok.
If you are using Full Disk Encryption you might want to use a very easy password. Up to you.
Left click one time on root
Then go to menu → entries → Add new entry → any name name as test → ok
right click on test → time based on time password → set up TOTP → Default → paste 2FA code → ok
right click on test again → time based on time password → show TOTP
Time Fix[edit]
2FA TTOP code changes every 30 seconds. So clock needs to be reasonable correct.
Troubleshoting only. If code does not match.
Set timezone to UTC for simplicity.
sudo cp /usr/share/zoneinfo/Etc/UTC /etc/localtime
Go to https://www.timeanddate.com/worldclock/timezone/utc [archive] or any other similar source to find out the time in UTC.
Fix the click. Change the date and time accordingly!
sudo date -s "26 SEPT 2018 11:54:25"
Check if the clock is correct now.
date
Footnotes[edit]
- ↑
- In Qubes, apt-get package installation could be done in TemplateVM.
- In Qubes, download and verification could be done in a temporary TemplateBased AppVM, ideally Qubes/DisposableVM. Then move to offline vault VM.
- In Non-Qubes-Whonix ™: install first, then disconnect internet and never re-enable internet access. TODO document
- ↑ Because accurate time required for TTOP and due to Boot Clock Randomization and sdwdate anonymizing time.
- ↑ https://addons.mozilla.org/de/firefox/addon/passifox/ [archive]
Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.
We are looking for help in managing our social media accounts. Are you interested?
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].
Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.