From 0c0c942cb3fcbb5f8c80def83e3d95e0136bd3f7 Mon Sep 17 00:00:00 2001 From: jj-so Date: Tue, 2 Apr 2024 12:51:53 +0200 Subject: [PATCH] KeePassXC --- software/nk-app2/keepassxc.rst | 93 ++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 software/nk-app2/keepassxc.rst diff --git a/software/nk-app2/keepassxc.rst b/software/nk-app2/keepassxc.rst new file mode 100644 index 0000000000..47d38e1106 --- /dev/null +++ b/software/nk-app2/keepassxc.rst 
@@ -0,0 +1,93 @@ +KeePassXC +========= +.. _keepassxc: + +KeePassXC with Nitrokey 3: + +To use KeePassXC with the Nitokey 3, a challenge-response secret must be added. +More information about KeePassXC: https://keepassxc.org/ + + +1. Generate a HMAC secret with the Nitrokey App 2 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +1. Open Nitrokey App 2 +2. Select the Nitrokey 3 +3. Select the ``PASSWORDS`` tab +4. Click on ``+ADD`` to create a new credential +5. Select ``HMAC`` from the algorithm drop-down menu + +.. note:: + - The credential is automatically named in ``HmacSlot2``. + - No extra attributes can be saved for the HMAC credential. + - The HMAC secret must be *exactly 20 bytes* long and in *Base32* format. That is exactly 32 characters. + - It is possible to save 1 HMAC secret on a Nitrokey 3. + +6. To generate a secret, there is a button in the field on the right-hand. + It is also possible to enter your own secret that conforms. + +.. important:: + * The secret can **only** be seen before saving. + * If the KeePassXC database is to be used with another Nitrokey 3, + the challenge-response secret must be copied; + this is **only** possible **before saving** the credential. + +7. Click on ``SAVE`` to save the credential + + +2. Creating a KeePassXC database that is connected to a Nitrokey 3 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +.. note:: + The connection between a KeePassXC database and the Nitrokey 3 + is supported since **KeePassXC version 2.7.6**. + +1. Open KeePassXC +2. Select ``Database`` -> ``New Database...`` from the menu bar. + Or use the keyboard shortcut ``Ctrl+Shift+N`` to create a new KeePassXC database. +3. Fill in the display name and an optional description for your new database and click on ``Continue`` +4. Further database encryption settings can now be configured here or the default settings can be retained. + The settings can also be changed later in the database settings. 
+ + For more information look here: https://keepassxc.org/docs/ + + Click on ``Continue`` to confirm the settings +5. **Database Credential** + + Here you can now enter a password to unlock the database. + To connect the Nitrokey 3 on which the HMAC secret was generated to the new KeePassXC database, + + click on ``Add additional protection...`` + +.. tip:: + * If the database is only to be unlocked with the help of a Nitrokey 3, the password can simply be left blank. + * If a password is also entered, the Nitrokey 3 is the second factor of the two-factor authorization for unlocking the KeePassXC database. + +6. Scroll down to ``Challenge-Response`` + Click on ``Add Challenge-Response`` +7. Now if the Nitrokey 3 is plugged in and a HMAC was generated before, Nitrokey 3 should be displayed in the field. + Click on ``Continue`` to complete the creation of the new KeePassXC database + + +.. tip:: + If the Nirokey3 is not recognized, close KeePassXC again completely. + Before restarting KeePassXC, connect the Nitrokey 3 to the PC. + + +3. Connection to an existing KeePassXC database that is connected to a Nitrokey 3 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +1. Open KeePassXC +2. Open the existing KeePassXC database that is connected to a Nitrokey 3 +3. Select ``Database`` -> ``Database Security...`` from the menu bar +4. Select ``Security`` on the left side +5. Click on the ``Add additional protection...`` button in the ``Database Credentials`` tab +6. Scroll down to ``Challenge-Response`` + -> Click on ``Add Challenge-Response`` +7. Now if the Nitrokey 3 is plugged in and a HMAC was generated before, Nitrokey 3 should be displayed in the field. + + Click on ``OK`` to to add the Nirokey3 to the existing KeePassXC database + +.. note:: + If the Nirokey3 is not recognized, close KeePassXC again completely. + Before restarting KeePassXC, connect the Nitrokey 3 to the PC. +
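Review bot: Section 3 contradicts itself: the heading "Connection to an existing KeePassXC database that is connected to a Nitrokey 3" and step 2 ("Open the existing KeePassXC database that is connected to a Nitrokey 3") both describe a database that is already linked, while step 7 is what adds the device to it. Retitle the section and reword step 2 so they describe a database that is not yet connected, for example "Adding a Nitrokey 3 to an existing KeePassXC database". The product name is also misspelled in several places: "Nitokey 3" in the introduction, and "Nirokey3" in the tip closing section 2, in step 7 of section 3 and in the final note. These should all read "Nitrokey 3". Step 7 of section 3 also has a doubled word in "to to add". The label ".. _keepassxc:" sits below the "KeePassXC" title and its underline; a reStructuredText label needs to come before the section title to be usable as a reference target for that section. In section 1, "The credential is automatically named in HmacSlot2" reads better without "in", and step 6 ("on the right-hand", "your own secret that conforms") should say what the secret conforms to, namely the 20-byte Base32 format from the note above it. Finally, the "important" box says the secret can only be seen and copied before saving, and the section 2 tip allows the password to be left blank, but nothing says where a copied secret should be kept or that a database with a blank password depends on the HMAC secret alone. A sentence on storing the copy securely would be worth adding next to step 6.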