keepassxc
From Whonix
Installation
Recommended to be installed inside an offline VM (vault). [1] When you want to use keepassxc as a replacement for Google Authenticator (actually TOTP, Time-based One-Time Password, Two Factor Authentication (2FA)), a Debian based VM is more suitable than a Whonix-Workstation ™ based VM. [2]
The packages yubikey-personalization and yubikey-personalization-gui are YubiKey related. Users not using YubiKey can skip installation of these packages and install keepassxc only.
Install keepassxc yubikey-personalization yubikey-personalization-gui.
1. Update the package lists.
sudo apt-get update
2. Upgrade the system.
sudo apt-get dist-upgrade
3. Install the keepassxc yubikey-personalization yubikey-personalization-gui packages.
Using the apt-get command line parameter --no-install-recommends is in most cases optional.
sudo apt-get install --no-install-recommends keepassxc yubikey-personalization yubikey-personalization-gui
The procedure of installing keepassxc yubikey-personalization yubikey-personalization-gui is complete.
Autostart
Optional. If you would like to autostart keepassxc.
Create folder ~/.config/autostart/.
mkdir -p ~/.config/autostart/
Open ~/.config/autostart/keepassxc.desktop in an editor as a regular, non-root user.
If you are using a graphical environment, run.
mousepad ~/.config/autostart/keepassxc.desktop
If you are using a terminal, run.
nano ~/.config/autostart/keepassxc.desktop
Paste the following content.
[Desktop Entry]
Type=Application
Name=keepassxc
Exec=keepassxc
Save.
The process is now complete.
Usage
To start.
keepassxc
First run question: either answer is ok.
Create a new database.
Default file name Passwords.kdbx is ok.
If you are using Full Disk Encryption you might want to use a very easy password. Up to you.
Left click one time on root.
Then go to menu → entries → Add new entry → any name, such as test → ok
Right click on test → time based one time password → set up TOTP → Default → paste 2FA code → ok
Right click on test again → time based one time password → show TOTP
Time Fix
The 2FA TOTP code changes every 30 seconds, so the clock needs to be reasonably correct.
Troubleshooting only. If the code does not match.
Set timezone to UTC for simplicity.
sudo cp /usr/share/zoneinfo/Etc/UTC /etc/localtime
Go to https://www.timeanddate.com/worldclock/timezone/utc or any other similar source to find out the time in UTC.
Fix the clock. Change the date and time accordingly!
sudo date -s "26 SEPT 2018 11:54:25"
Check if the clock is correct now.
date
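Why a small clock error gives a wrong code, as an added example that is not part of the original wiki page or of keepassxc: the code is derived from the current 30-second time step, so two clocks in different steps disagree. The function names, the RFC 6238 defaults (HMAC-SHA1, 6 digits) and the sample secret (the RFC 6238 test secret) are assumptions of this example.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, as stated on this page
DIGITS = 6   # assumption: RFC 6238 default code length

def decode_secret(secret_b32):
    """Decode a base32 secret as sites display it (spaces, lowercase, no padding)."""
    s = secret_b32.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)

def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """RFC 6238 TOTP (HMAC-SHA1) for the given Unix time."""
    counter = int(unix_time) // step            # only the time step matters
    mac = hmac.new(decode_secret(secret_b32),
                   struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def drift_steps(secret_b32, reference_code, local_time, max_steps=20):
    """Steps the local clock must move so that it produces reference_code.

    0 means the clock is fine, a positive value means the local clock is
    behind, None means no match inside the search window."""
    for k in range(max_steps + 1):
        for signed in ((k, -k) if k else (0,)):
            candidate = totp(secret_b32, local_time + signed * STEP)
            if hmac.compare_digest(candidate, reference_code):
                return signed
    return None

# Constructed sample: RFC 6238 test secret, typed the way sites display it.
SAMPLE_SECRET = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"

if __name__ == "__main__":
    # Two seconds apart, but on either side of a step boundary.
    print(totp(SAMPLE_SECRET, 1111111109), totp(SAMPLE_SECRET, 1111111111))
    # Constructed case: VM clock 90 s behind a device with a correct clock.
    print(drift_steps(SAMPLE_SECRET, "050471", 1111111021))
```

A non-zero result from drift_steps, using a code read from a device whose clock is known to be correct, indicates the VM clock is off by roughly that many 30-second steps and needs the fix above.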
Getting the Browser Extension To Work
Community Support Only!
Install the browser addon from https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser/
(OPTIONAL) Install a more recent version of keepassxc (see https://backports.debian.org/Instructions/).
Create the following symlink to get the proxy to work:
cd ~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/.mozilla
ln -s /home/user/.mozilla/native-messaging-hosts native-messaging-hosts
Notes:
If the .mozilla folder does not exist, create it.
Also take a look at https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide
Footnotes
- ↑
- In Qubes, apt-get package installation could be done in TemplateVM.
- In Qubes, download and verification could be done in a temporary TemplateBased AppVM, ideally Qubes/DisposableVM. Then move to offline vault VM.
- In Non-Qubes-Whonix ™: install first, then disconnect internet and never re-enable internet access. TODO document
- ↑ Because accurate time is required for TOTP, and due to Boot Clock Randomization and sdwdate anonymizing time.
- ↑ https://addons.mozilla.org/de/firefox/addon/passifox/
Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself.