* [bug#65354] [PATCH 0/2] cookbook: Document the configuration of a Yubikey with KeePassXC
@ 2023-08-17 14:37 Maxim Cournoyer
From: Maxim Cournoyer @ 2023-08-17 14:37 UTC
To: 65354, maxim.cournoyer

Maxim Cournoyer (2):
  gnu: yubikey-personalization: Mention udev rules file in description.
  doc: cookbook: Document the configuration of a Yubikey with KeePassXC.

 doc/guix-cookbook.texi          | 44 +++++++++++++++++++++++++++++++++
 gnu/packages/security-token.scm |  5 +++-
 2 files changed, 48 insertions(+), 1 deletion(-)

base-commit: e80e082be1a85ca3ff17797ceda4e2346ea77b38
--
2.41.0
* [bug#65354] [PATCH 1/2] gnu: yubikey-personalization: Mention udev rules file in description. 2023-08-17 14:37 [bug#65354] [PATCH 0/2] cookbook: Document the configuration of a Yubikey with KeePassXC Maxim Cournoyer @ 2023-08-17 14:42 ` Maxim Cournoyer 2023-08-17 14:42 ` [bug#65354] [PATCH 2/2] doc: cookbook: Document the configuration of a Yubikey with KeePassXC Maxim Cournoyer 0 siblings, 1 reply; 3+ messages in thread From: Maxim Cournoyer @ 2023-08-17 14:42 UTC (permalink / raw) To: 65354; +Cc: Maxim Cournoyer * gnu/packages/security-token.scm (yubikey-personalization) [description]: Expound with information regarding the udev rules file the package contains. --- gnu/packages/security-token.scm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm index 3a0ed245ad..babc10aa7d 100644 --- a/gnu/packages/security-token.scm +++ b/gnu/packages/security-token.scm @@ -460,7 +460,10 @@ (define-public yubikey-personalization (description "The YubiKey Personalization package contains a C library and command line tools for personalizing YubiKeys. You can use these to set an AES key, -retrieve a YubiKey's serial number, and so forth.") +retrieve a YubiKey's serial number, and so forth. It also provides the +@file{69-yubikey.rules} udev rules file, which allows console users to access +the Yubikey USB device node, which is needed for the challenge/response +@acronym{OTP, One-Time Password} application used by KeePassXC, for example.") (license license:bsd-2))) (define-public python-pyscard base-commit: e80e082be1a85ca3ff17797ceda4e2346ea77b38 -- 2.41.0 ^ permalink raw reply related [flat|nested] 3+ messages in thread
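Review bot: the added description lines spell the product "Yubikey" ("the Yubikey USB device node") while the unchanged sentence directly above uses "YubiKey" ("retrieve a YubiKey's serial number"); pick one spelling within the description. The new sentence also chains two relative clauses ("which allows console users to access ..., which is needed for ..."), so it is ambiguous whether the rules file or the device-node access is what the challenge/response application needs. Splitting it into two sentences, one saying what the rules file grants and to whom, and one saying which application depends on it, would read more clearly.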
* [bug#65354] [PATCH 2/2] doc: cookbook: Document the configuration of a Yubikey with KeePassXC. 2023-08-17 14:42 ` [bug#65354] [PATCH 1/2] gnu: yubikey-personalization: Mention udev rules file in description Maxim Cournoyer @ 2023-08-17 14:42 ` Maxim Cournoyer 0 siblings, 0 replies; 3+ messages in thread From: Maxim Cournoyer @ 2023-08-17 14:42 UTC (permalink / raw) To: 65354; +Cc: Maxim Cournoyer * doc/guix-cookbook.texi (Using security keys) [Requiring a Yubikey to open a KeePassXC database]: New subsection. --- doc/guix-cookbook.texi | 44 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index 87430b741a..e5ed707450 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi 
@@ -2152,6 +2152,50 @@ Using security keys @samp{Applications -> OTP} view, delete the slot 1 configuration, which comes pre-configured with the Yubico OTP application. +@subsection Requiring a Yubikey to open a KeePassXC database +@cindex yubikey, keepassxc integration +The KeePassXC password manager application has support for Yubikeys, but +it requires installing a udev rules for your Guix System and some +configuration of the Yubico OTP application on the key. + +The necessary udev rules file comes from the +@code{yubikey-personalization} package, and can be installed like: + +@lisp +(use-package-modules ... security-token ...) +... +(operating-system + ... + (services + (cons* + ... + (udev-rules-service 'yubikey yubikey-personalization)))) +@end lisp + +After reconfiguring your system (and reconnecting your Yubikey), you'll +then want to configure the OTP challenge/response application of your +Yubikey on its slot 2, which is what KeePassXC uses. It's easy to do so +via the Yubikey Manager configuration tool, which can be invoked with: + +@example +guix shell yubikey-manager-qt -- ykman-gui +@end example + +First, ensure @samp{OTP} is enabled under the @samp{Interfaces} tab, +then navigate to @samp{Applications -> OTP}, and click the +@samp{Configure} button under the @samp{Long Touch (Slot 2)} section. +Select @samp{Challenge-response}, input or generate a secret key, and +click the @samp{Finish} button. If you have a second Yubikey you'd like +to use as a backup, you should configure it the same way, using the +@emph{same} secret key. + +Your Yubikey should now be detected by KeePassXC. It can be added to a +database by navigating to KeePassXC's @samp{Database -> Database +Security...} menu, then clicking the @samp{Add additional +protection...} button, then @samp{Add Challenge-Response}, selecting the +security key from the drop-down menu and clicking the @samp{OK} button +to complete the setup. 
+ @node Dynamic DNS mcron job @section Dynamic DNS mcron job -- 2.41.0 ^ permalink raw reply related [flat|nested] 3+ messages in thread
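Review bot: the backup-key advice at the end of the slot 2 paragraph ("configure it the same way, using the @emph{same} secret key") arrives after the reader has already been told to "input or generate a secret key, and click the @samp{Finish} button", so someone who generates the key has had no prompt to record it before finishing. Consider moving that advice to the point where the key is entered or generated, and saying how the recorded secret should be kept, since anyone holding it can configure another key that opens the database. Separately, in the first paragraph "it requires installing a udev rules for your Guix System" is ungrammatical; "a udev rules file" would match the following paragraph's "The necessary udev rules file". The subsection also writes "Yubikey" throughout; check that against the spelling used elsewhere in the manual.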
Code repositories for project(s) associated with this public inbox: https://git.savannah.gnu.org/cgit/guix.git