![]() Using Ubuntu Gnome 16.04 Beta: sudo apt-get install keepass2 KeeChallenge Linux InstallĪlso, this is easily set up in Linux. And once again, if you’d like more details or screenshots see the Kahu Security guide. Obviously save the secret to recover the database someplace safe in case the Yubikey(s) should fail or get lost. Once that’s set up create a KeePass database using YubiKey’s challenge-response as part of the composite master key. dll files to C:\Program Files (x86)\KeePass Password Safe 2\32bit overwriting any files, and do the same for 64-bit. Under ykpers-1.17.3-win32.zip/bin extract the. Grab the KeeChallenge plugin, install it by extracting the contents, including folders into the root of: C:\Program Files (x86)\KeePass Password Safe 2.ĭownload the Yubikey Personalization Tools (command line) for both 64-bit and 32-bit. Select Slot 2, if you want to be able to unlock Keepass with multiple YubiKeys then select those options and choose “Same secret for all keys” Generate the secret key, hit “Write Configuration” Then insert any additional YubiKeys to program them all with the same secret. I suggest using HMAC-SHA1 which allows a program to send a challenge that only the YubiKey would know the correct response to based on the secret. Since I want to use multiple YubiKeys, HOTP will not work well because the counters will get out of sync. This will generate one time passwords based on a counter (HOTP). There are two options, one (which I don’t want) is Yubico OTP. If you might use YubiCloud in the future don’t reprogram SLOT 1. Open the YubiKey Personalization Tool and program SLOT 2. If you want more details and screenshots see the Kahu Security post. Below is the configuration I used when testing. I think some of the options I used such as variable input were not working right when the above guide was written. I followed a well-written post: Securing Keepass with a Second Factor – Kahu Security but made a few minor changes. Encrypting a KeePass Database Enable Challenge/Response on the Yubikey Open up the Yubikey NEO Manager, insert a YubiKey and hit Change Connection Mode.Īnd now apps are available. The rest of this post is sort of a guide on some of the things I’ve experimented with.
0 Comments
Leave a Reply. |