KeePassXC

software/nk-app2/keepassxc.rst

@@ -0,0 +1,93 @@
+KeePassXC
+=========
+.. _keepassxc:
+
+KeePassXC with Nitrokey 3:
+
+To use KeePassXC with the Nitokey 3, a challenge-response secret must be added.
+More information about KeePassXC: https://keepassxc.org/
+
+
+1. Generate a HMAC secret with the Nitrokey App 2
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+1. Open Nitrokey App 2
+2. Select the Nitrokey 3
+3. Select the ``PASSWORDS`` tab
+4. Click on ``+ADD`` to create a new credential
+5. Select ``HMAC`` from the algorithm drop-down menu
+
+.. note::
+    - The credential is automatically named in ``HmacSlot2``.
+    - No extra attributes can be saved for the HMAC credential.
+    - The HMAC secret must be *exactly 20 bytes* long and in *Base32* format. That is exactly 32 characters.
+    - It is possible to save 1 HMAC secret on a Nitrokey 3.
+
+6. To generate a secret, there is a button in the field on the right-hand. 
+   It is also possible to enter your own secret that conforms.
+
+.. important::
+    * The secret can **only** be seen before saving.
+    * If the KeePassXC database is to be used with another Nitrokey 3,
+      the challenge-response secret must be copied; 
+      this is **only** possible **before saving** the credential.
+
+7. Click on ``SAVE`` to save the credential
+
+
+2. Creating a KeePassXC database that is connected to a Nitrokey 3
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+.. note::
+    The connection between a KeePassXC database and the Nitrokey 3
+    is supported since **KeePassXC version 2.7.6**.
+
+1. Open KeePassXC 
+2. Select ``Database`` -> ``New Database...`` from the menu bar.
+   Or use the keyboard shortcut ``Ctrl+Shift+N`` to create a new KeePassXC database.
+3. Fill in the display name and an optional description for your new database and click on ``Continue``
+4. Further database encryption settings can now be configured here or the default settings can be retained.
+   The settings can also be changed later in the database settings.
+
+   For more information look here: https://keepassxc.org/docs/
+
+   Click on ``Continue`` to confirm the settings
+5. **Database Credential**
+
+   Here you can now enter a password to unlock the database.
+   To connect the Nitrokey 3 on which the HMAC secret was generated to the new KeePassXC database,
+
+   click on ``Add additional protection...``
+
+.. tip::
+    * If the database is only to be unlocked with the help of a Nitrokey 3, the password can simply be left blank.
+    * If a password is also entered, the Nitrokey 3 is the second factor of the two-factor authorization for unlocking the KeePassXC database. 
+
+6. Scroll down to ``Challenge-Response``
+   Click on ``Add Challenge-Response``
+7. Now if the Nitrokey 3 is plugged in and a HMAC was generated before, Nitrokey 3 should be displayed in the field.
+   Click on ``Continue`` to complete the creation of the new KeePassXC database
+
+
+.. tip::
+    If the Nirokey3 is not recognized, close KeePassXC again completely.
+    Before restarting KeePassXC, connect the Nitrokey 3 to the PC.
+
+
+3. Connection to an existing KeePassXC database that is connected to a Nitrokey 3
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+1. Open KeePassXC 
+2. Open the existing KeePassXC database that is connected to a Nitrokey 3
+3. Select ``Database`` -> ``Database Security...`` from the menu bar
+4. Select ``Security`` on the left side
+5. Click on the ``Add additional protection...`` button in the ``Database Credentials`` tab
+6. Scroll down to ``Challenge-Response``
+   -> Click on ``Add Challenge-Response``
+7. Now if the Nitrokey 3 is plugged in and a HMAC was generated before, Nitrokey 3 should be displayed in the field.
+
+   Click on ``OK`` to to add the Nirokey3 to the existing KeePassXC database
+
+.. note::
+    If the Nirokey3 is not recognized, close KeePassXC again completely.
+    Before restarting KeePassXC, connect the Nitrokey 3 to the PC.
+