KeePass
KeePass is an offline encrypted password database format. It is an alternative to popular online password managers and is supported on all major distributions and other OS platforms.
Currently, there are two variants of the database formats: KeePass 1.x (Classic) and KeePass 2.x
Contents
Installation
There are three major implementations of KeePass, which are included in official repositories:
- KeePass — An easy-to-use password manager for Windows, Linux, Mac OS X and mobile devices. It also has optional autotype and clipboard support respectively when
xdotool
andxsel
are installed. Supports importing from many formats. Has many plugins.
- KeePassX — KeePassX is a cross platform port of the Windows application Keepass Password Safe. The new version keepassx2 is compatible with 2.x database formats, but can import 1.x databases. One may also import PwManager databases and KWallet XML databases. Does not have plugin functionality, 2017-02-03.
- KeepassXC — Fork of KeePassX that aims to incorporate stalled Pull Requests, features, and bug fixes that are not being incorporated into the main KeePassX baseline.
Other lesser known implementations are found in the AUR:
- keepassc — A curses-based password manager compatible to KeePass v.1.x and KeePassX. It also uses
xsel
for clipboard functions.
- kpcli — A command line browser of KeePassX database files
*.kdb
.
- keeweb — A desktop webapp compatible to KeePass 2.x.
Integration
Many plugins and extensions are available for integrating KeePass to other software.
Plugin Installation
KeePass is by default, installed at /usr/share/keepass/
. Copy plugin.plgx
to a plugins sub-directory under the KeePass installation directory as demonstrated below:
# mkdir /usr/share/keepass/plugins # cp plugin.plgx /usr/share/keepass/plugins
Firefox
- KeeFox (keepass-plugin-rpcAUR)
Firefox extension that links the browser to existing or new KeePass database. KeeFox needs to be setup before it is fully functional.
Extension allowing Firefox to form-fill passwords stored in KeePass.
Modifies window title to assist autotype feature.
Chrome/Chromium
Extension allowing Google Chrome and Chromium to form-fill passwords stored in KeePass.
Modifies window title to assist autotype feature. Similar to KeePass Helper for Firefox in function.
Nextcloud
Open Keepass stores inside Nextcloud
Yubikey
Yubikey can be integrated with KeePass thanks to contributors of KeePass plugins.
- StaticPassword
- Configure one of Yubikey slots to store static password. You can make the password as strong as 65 characters (64 characters with leading `!`). This password can then be used as master password for your KeePass database.
- one-time passwords (OATH-HOTP)
- Download plugin from KeePass website: http://keepass.info/plugins.html#otpkeyprov
- Use yubikey-personalization-gui-gitAUR to setup OATH-HOTP
- In advanced mode untick `OATH Token Identifier`
- In KeePass additional option will show up under `Key file / provider` called `One-Time Passwords (OATH HOTP)
- Copy secret, key length (6 or 8), and counter (in Yubikey personalization GUI this parameter is called `Moving Factor Seed`)
- You may need to setup `Look-ahead count` option to something greater than 0, please see thread for more information
- See video for more help
- Challenge-Response (HMAC-SHA1)
- Get the plugin from AUR: keepass-plugin-keechallengeAUR
- In KeePass additional option will show up under `Key file / provider` called `Yubikey challenge-response`
- Plugin assumes slot 2 is used