How to secure KeePass with YubiKey

Nowadays we have more and more accounts on websites. It is impossible to remember the passwords to all of them, especially if we want our passwords to be suitably long, random and unique. This is where password managers come to the rescue. Some time ago I wrote a post on why and how to use KeePass. The password database file is, of course, password-protected using strong encryption, but if you use a YubiKey you can additionally tie the ability to open the password database to that very key.

The KeePass database can be secured with a YubiKey in 2 ways: HMAC-SHA1 and OTP. HMAC-SHA1 is the first and recommended way; with the OTP method we cannot add a second, backup key.

Before we proceed with the configuration, it is important to know that the key has 2 slots on which we can configure HMAC. They differ in how they are triggered: the 1st slot responds to a brief touch of the key, while the 2nd slot is activated by a longer touch.

For the purposes of this entry, we will configure the key using slot 1. To do this, we will need the key 😊 and the YubiKey Manager application. Download here

Open the application, go to Applications / OTP in the menu:

At slot 1, select Configure and check the Challenge-response option. Then click "Next".

The "Challenge-response" configuration screen will appear. First, we need to set our "secret key"; we can have the application generate it. In addition, we can check the "Require touch" option so that, besides inserting the key, we also have to physically touch it (in the case of the YubiKey 5 NFC key).

My YubiKey already has a key configured in slot 1 (for testing purposes), which is why I get this message. In my case, I select the "YES" option. Confirming overwrites the configuration already stored in that slot.

The key is configured.

Now we go to KeePass and open the database settings. If we are creating a new database, the same configuration option is available when setting the password.

We click "Add Challenge-Response". If the key is inserted, KeePass will detect it and it will appear in the list.

We now click Done.

In the next step, KeePass will show this information. We touch the key to configure the database file.

Now we open the database:

After touching the key, our database will open.
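
What the slot configured above does with its secret, as an added example that is not part of the original post and not KeePass or Yubico code: a software stand-in for an HMAC-SHA1 slot, showing that a second key programmed with the same secret gives the same response (which is what makes a backup key possible), while a different key or the password alone does not open the database. `SimulatedSlot`, `composite_key`, the challenge and the password are assumptions constructed for illustration; the real key derivation in KeePass differs.

```python
import hashlib
import hmac
import secrets

SECRET_LEN = 20  # an HMAC-SHA1 slot secret is 20 bytes (160 bits)


class SimulatedSlot:
    """Software stand-in for a YubiKey slot in HMAC-SHA1 challenge-response mode."""

    def __init__(self, secret: bytes):
        if len(secret) != SECRET_LEN:
            raise ValueError("slot secret must be exactly 20 bytes")
        self._secret = secret  # real hardware never hands this back to the host

    def respond(self, challenge: bytes) -> bytes:
        # The host only ever sees this 20-byte response, not the secret.
        return hmac.new(self._secret, challenge, hashlib.sha1).digest()


def composite_key(password: str, response: bytes) -> bytes:
    """Illustrative mix of password and key response (assumed, not KeePass's real KDF)."""
    pw_hash = hashlib.sha256(password.encode("utf-8")).digest()
    return hashlib.sha256(pw_hash + response).digest()


def demo() -> dict:
    secret = secrets.token_bytes(SECRET_LEN)   # the "generate" step on the config screen
    primary = SimulatedSlot(secret)
    backup = SimulatedSlot(secret)             # second key programmed with the same secret
    stranger = SimulatedSlot(secrets.token_bytes(SECRET_LEN))  # someone else's key

    challenge = secrets.token_bytes(32)        # constructed; assumed stored with the database
    password = "constructed-example-password"  # constructed sample value
    good = composite_key(password, primary.respond(challenge))

    def opens(candidate: bytes) -> bool:
        return hmac.compare_digest(good, candidate)

    return {
        "backup_key": opens(composite_key(password, backup.respond(challenge))),
        "other_key": opens(composite_key(password, stranger.respond(challenge))),
        "password_only": opens(composite_key(password, b"")),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: database opens = {result}")
```

Because a backup key only works if it holds the same secret, the generated secret has to be programmed into the second key during setup, and any copy kept for that purpose needs the same protection as the database password.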
