01/07: doc: cookbook: Document the configuration of a Yubikey with KeePa
From: guix-commits
Subject: 01/07: doc: cookbook: Document the configuration of a Yubikey with KeePassXC.
Date: Fri, 1 Sep 2023 11:11:17 -0400 (EDT)
apteryx pushed a commit to branch master
in repository guix.
commit c221d3e96279cb671f3b173aeb0654032d972a66
Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
AuthorDate: Thu Aug 17 10:32:47 2023 -0400
doc: cookbook: Document the configuration of a Yubikey with KeePassXC.
* doc/guix-cookbook.texi (Using security keys)
[Requiring a Yubikey to open a KeePassXC database]: New subsection.
Series-to: 65354@debbugs.gnu.org
---
doc/guix-cookbook.texi | 45 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index e90d611171..6ca84bd11a 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -2158,6 +2158,51 @@ the @code{yubikey-manager-qt} package and either wholly
disable the
@samp{Applications -> OTP} view, delete the slot 1 configuration, which
comes pre-configured with the Yubico OTP application.
+@subsection Requiring a Yubikey to open a KeePassXC database
+@cindex yubikey, keepassxc integration
+The KeePassXC password manager application has support for Yubikeys, but
+it requires installing a udev rules for your Guix System and some
+configuration of the Yubico OTP application on the key.
+
+The necessary udev rules file comes from the
+@code{yubikey-personalization} package, and can be installed like:
+
+@lisp
+(use-package-modules ... security-token ...)
+...
+(operating-system
+ ...
+ (services
+ (cons*
+ ...
+ (udev-rules-service 'yubikey yubikey-personalization))))
+@end lisp
+
+After reconfiguring your system (and reconnecting your Yubikey), you'll
+then want to configure the OTP challenge/response application of your
+Yubikey on its slot 2, which is what KeePassXC uses. It's easy to do so
+via the Yubikey Manager graphical configuration tool, which can be
+invoked with:
+
+@example
+guix shell yubikey-manager-qt -- ykman-gui
+@end example
+
+First, ensure @samp{OTP} is enabled under the @samp{Interfaces} tab,
+then navigate to @samp{Applications -> OTP}, and click the
+@samp{Configure} button under the @samp{Long Touch (Slot 2)} section.
+Select @samp{Challenge-response}, input or generate a secret key, and
+click the @samp{Finish} button. If you have a second Yubikey you'd like
+to use as a backup, you should configure it the same way, using the
+@emph{same} secret key.
+
+Your Yubikey should now be detected by KeePassXC. It can be added to a
+database by navigating to KeePassXC's @samp{Database -> Database
+Security...} menu, then clicking the @samp{Add additional
+protection...} button, then @samp{Add Challenge-Response}, selecting the
+security key from the drop-down menu and clicking the @samp{OK} button
+to complete the setup.
+
@node Dynamic DNS mcron job
@section Dynamic DNS mcron job
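Review bot: In the slot 2 paragraph, "input or generate a secret key" is followed by the advice to program a backup Yubikey with the @emph{same} secret key, but nothing tells the reader to record a generated secret before clicking @samp{Finish}. The challenge-response secret cannot be read back from the key afterwards, so a reader who generates one and only later thinks of the backup has to reprogram the first key and re-add it to the database. Suggest adding a sentence there to note the secret down and keep it offline, and one saying that writing slot 2 replaces whatever configuration that slot held. Separately, in the opening paragraph "installing a udev rules" should read "installing a udev rules file" (or "installing udev rules").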