* [bug#65354] [PATCH 0/2] cookbook: Document the configuration of a Yubikey with KeePassXC
@ 2023-08-17 14:37 Maxim Cournoyer
2023-08-17 14:42 ` [bug#65354] [PATCH 1/2] gnu: yubikey-personalization: Mention udev rules file in description Maxim Cournoyer
0 siblings, 1 reply; 3+ messages in thread
From: Maxim Cournoyer @ 2023-08-17 14:37 UTC (permalink / raw)
To: 65354, maxim.cournoyer
Maxim Cournoyer (2):
gnu: yubikey-personalization: Mention udev rules file in description.
doc: cookbook: Document the configuration of a Yubikey with KeePassXC.
doc/guix-cookbook.texi | 44 +++++++++++++++++++++++++++++++++
gnu/packages/security-token.scm | 5 +++-
2 files changed, 48 insertions(+), 1 deletion(-)
base-commit: e80e082be1a85ca3ff17797ceda4e2346ea77b38
--
2.41.0
^ permalink raw reply [flat|nested] 3+ messages in thread
* [bug#65354] [PATCH 1/2] gnu: yubikey-personalization: Mention udev rules file in description.
2023-08-17 14:37 [bug#65354] [PATCH 0/2] cookbook: Document the configuration of a Yubikey with KeePassXC Maxim Cournoyer
@ 2023-08-17 14:42 ` Maxim Cournoyer
2023-08-17 14:42 ` [bug#65354] [PATCH 2/2] doc: cookbook: Document the configuration of a Yubikey with KeePassXC Maxim Cournoyer
0 siblings, 1 reply; 3+ messages in thread
From: Maxim Cournoyer @ 2023-08-17 14:42 UTC (permalink / raw)
To: 65354; +Cc: Maxim Cournoyer
* gnu/packages/security-token.scm (yubikey-personalization)
[description]: Expound with information regarding the udev rules file the
package contains.
---
gnu/packages/security-token.scm | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 3a0ed245ad..babc10aa7d 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -460,7 +460,10 @@ (define-public yubikey-personalization
(description
"The YubiKey Personalization package contains a C library and command
line tools for personalizing YubiKeys. You can use these to set an AES key,
-retrieve a YubiKey's serial number, and so forth.")
+retrieve a YubiKey's serial number, and so forth. It also provides the
+@file{69-yubikey.rules} udev rules file, which allows console users to access
+the Yubikey USB device node, which is needed for the challenge/response
+@acronym{OTP, One-Time Password} application used by KeePassXC, for example.")
(license license:bsd-2)))
(define-public python-pyscard
base-commit: e80e082be1a85ca3ff17797ceda4e2346ea77b38
--
2.41.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [bug#65354] [PATCH 2/2] doc: cookbook: Document the configuration of a Yubikey with KeePassXC.
2023-08-17 14:42 ` [bug#65354] [PATCH 1/2] gnu: yubikey-personalization: Mention udev rules file in description Maxim Cournoyer
@ 2023-08-17 14:42 ` Maxim Cournoyer
0 siblings, 0 replies; 3+ messages in thread
From: Maxim Cournoyer @ 2023-08-17 14:42 UTC (permalink / raw)
To: 65354; +Cc: Maxim Cournoyer
* doc/guix-cookbook.texi (Using security keys)
[Requiring a Yubikey to open a KeePassXC database]: New subsection.
---
doc/guix-cookbook.texi | 44 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index 87430b741a..e5ed707450 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -2152,6 +2152,50 @@ Using security keys
@samp{Applications -> OTP} view, delete the slot 1 configuration, which
comes pre-configured with the Yubico OTP application.
+@subsection Requiring a Yubikey to open a KeePassXC database
+@cindex yubikey, keepassxc integration
+The KeePassXC password manager application has support for Yubikeys, but
+it requires installing a udev rules for your Guix System and some
+configuration of the Yubico OTP application on the key.
+
+The necessary udev rules file comes from the
+@code{yubikey-personalization} package, and can be installed like:
+
+@lisp
+(use-package-modules ... security-token ...)
+...
+(operating-system
+ ...
+ (services
+ (cons*
+ ...
+ (udev-rules-service 'yubikey yubikey-personalization))))
+@end lisp
+
+After reconfiguring your system (and reconnecting your Yubikey), you'll
+then want to configure the OTP challenge/response application of your
+Yubikey on its slot 2, which is what KeePassXC uses. It's easy to do so
+via the Yubikey Manager configuration tool, which can be invoked with:
+
+@example
+guix shell yubikey-manager-qt -- ykman-gui
+@end example
+
+First, ensure @samp{OTP} is enabled under the @samp{Interfaces} tab,
+then navigate to @samp{Applications -> OTP}, and click the
+@samp{Configure} button under the @samp{Long Touch (Slot 2)} section.
+Select @samp{Challenge-response}, input or generate a secret key, and
+click the @samp{Finish} button. If you have a second Yubikey you'd like
+to use as a backup, you should configure it the same way, using the
+@emph{same} secret key.
+
+Your Yubikey should now be detected by KeePassXC. It can be added to a
+database by navigating to KeePassXC's @samp{Database -> Database
+Security...} menu, then clicking the @samp{Add additional
+protection...} button, then @samp{Add Challenge-Response}, selecting the
+security key from the drop-down menu and clicking the @samp{OK} button
+to complete the setup.
+
@node Dynamic DNS mcron job
@section Dynamic DNS mcron job
--
2.41.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-08-17 14:46 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-17 14:37 [bug#65354] [PATCH 0/2] cookbook: Document the configuration of a Yubikey with KeePassXC Maxim Cournoyer
2023-08-17 14:42 ` [bug#65354] [PATCH 1/2] gnu: yubikey-personalization: Mention udev rules file in description Maxim Cournoyer
2023-08-17 14:42 ` [bug#65354] [PATCH 2/2] doc: cookbook: Document the configuration of a Yubikey with KeePassXC Maxim Cournoyer
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).