GNU bug report logs - #65354
[PATCH 0/2] cookbook: Document the configuration of a Yubikey with KeePassXC


Package: guix-patches;

Reported by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Date: Thu, 17 Aug 2023 14:38:01 UTC

Severity: normal

Tags: patch

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.



Report forwarded to guix-patches <at> gnu.org:
bug#65354; Package guix-patches. (Thu, 17 Aug 2023 14:38:02 GMT)

Acknowledgement sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Thu, 17 Aug 2023 14:38:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: guix-patches <at> gnu.org,
	maxim.cournoyer <at> gmail.com
Subject: [PATCH 0/2] cookbook: Document the configuration of a Yubikey with
 KeePassXC
Date: Thu, 17 Aug 2023 10:37:29 -0400

Maxim Cournoyer (2):
  gnu: yubikey-personalization: Mention udev rules file in description.
  doc: cookbook: Document the configuration of a Yubikey with KeePassXC.

 doc/guix-cookbook.texi          | 44 +++++++++++++++++++++++++++++++++
 gnu/packages/security-token.scm |  5 +++-
 2 files changed, 48 insertions(+), 1 deletion(-)


base-commit: e80e082be1a85ca3ff17797ceda4e2346ea77b38
-- 
2.41.0





Information forwarded to guix-patches <at> gnu.org:
bug#65354; Package guix-patches. (Thu, 17 Aug 2023 14:46:02 GMT)

Message #8 received at 65354 <at> debbugs.gnu.org:

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: 65354 <at> debbugs.gnu.org
Cc: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Subject: [PATCH 1/2] gnu: yubikey-personalization: Mention udev rules file in
 description.
Date: Thu, 17 Aug 2023 10:42:18 -0400

* gnu/packages/security-token.scm (yubikey-personalization)
[description]: Expound with information regarding the udev rules file the
package contains.
---

 gnu/packages/security-token.scm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 3a0ed245ad..babc10aa7d 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -460,7 +460,10 @@ (define-public yubikey-personalization
     (description
      "The YubiKey Personalization package contains a C library and command
 line tools for personalizing YubiKeys.  You can use these to set an AES key,
-retrieve a YubiKey's serial number, and so forth.")
+retrieve a YubiKey's serial number, and so forth.  It also provides the
+@file{69-yubikey.rules} udev rules file, which allows console users to access
+the Yubikey USB device node, which is needed for the challenge/response
+@acronym{OTP, One-Time Password} application used by KeePassXC, for example.")
     (license license:bsd-2)))
 
 (define-public python-pyscard
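Review bot: The added sentence spells the device "Yubikey" ("the Yubikey USB device node"), while the unchanged description lines directly above it use "YubiKey" ("The YubiKey Personalization package", "a YubiKey's serial number"); use one capitalization throughout the description. The new sentence also chains two "which" clauses, so it is unclear whether the second refers to the rules file or to the device node. Consider splitting it: end the first sentence after "the YubiKey USB device node." and start a second one with "This access is needed for the challenge/response @acronym{OTP, One-Time Password} application used by KeePassXC, for example."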

base-commit: e80e082be1a85ca3ff17797ceda4e2346ea77b38
-- 
2.41.0





Information forwarded to guix-patches <at> gnu.org:
bug#65354; Package guix-patches. (Thu, 17 Aug 2023 14:46:02 GMT)

Message #11 received at 65354 <at> debbugs.gnu.org:

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: 65354 <at> debbugs.gnu.org
Cc: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Subject: [PATCH 2/2] doc: cookbook: Document the configuration of a Yubikey
 with KeePassXC.
Date: Thu, 17 Aug 2023 10:42:19 -0400

* doc/guix-cookbook.texi (Using security keys)
[Requiring a Yubikey to open a KeePassXC database]: New subsection.

---

 doc/guix-cookbook.texi | 44 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index 87430b741a..e5ed707450 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -2152,6 +2152,50 @@ Using security keys
 @samp{Applications -> OTP} view, delete the slot 1 configuration, which
 comes pre-configured with the Yubico OTP application.
 
+@subsection Requiring a Yubikey to open a KeePassXC database
+@cindex yubikey, keepassxc integration
+The KeePassXC password manager application has support for Yubikeys, but
+it requires installing a udev rules for your Guix System and some
+configuration of the Yubico OTP application on the key.
+
+The necessary udev rules file comes from the
+@code{yubikey-personalization} package, and can be installed like:
+
+@lisp
+(use-package-modules ... security-token ...)
+...
+(operating-system
+ ...
+ (services
+  (cons*
+   ...
+   (udev-rules-service 'yubikey yubikey-personalization))))
+@end lisp
+
+After reconfiguring your system (and reconnecting your Yubikey), you'll
+then want to configure the OTP challenge/response application of your
+Yubikey on its slot 2, which is what KeePassXC uses.  It's easy to do so
+via the Yubikey Manager configuration tool, which can be invoked with:
+
+@example
+guix shell yubikey-manager-qt -- ykman-gui
+@end example
+
+First, ensure @samp{OTP} is enabled under the @samp{Interfaces} tab,
+then navigate to @samp{Applications -> OTP}, and click the
+@samp{Configure} button under the @samp{Long Touch (Slot 2)} section.
+Select @samp{Challenge-response}, input or generate a secret key, and
+click the @samp{Finish} button.  If you have a second Yubikey you'd like
+to use as a backup, you should configure it the same way, using the
+@emph{same} secret key.
+
+Your Yubikey should now be detected by KeePassXC.  It can be added to a
+database by navigating to KeePassXC's @samp{Database -> Database
+Security...}  menu, then clicking the @samp{Add additional
+protection...} button, then @samp{Add Challenge-Response}, selecting the
+security key from the drop-down menu and clicking the @samp{OK} button
+to complete the setup.
+
 @node Dynamic DNS mcron job
 @section Dynamic DNS mcron job
 
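Review bot: The slot 2 paragraph tells the reader to "input or generate a secret key" and then to set up a backup Yubikey "using the @emph{same} secret key", but it never says to keep a copy of a generated secret before clicking @samp{Finish}, so a reader who generates one has nothing to enter on the second key. Add a sentence telling them to record the secret when it is created (or to program both keys in one sitting) and to store any copy securely, since whoever holds it can configure another key that satisfies the same challenge-response check on the database. Smaller points: "it requires installing a udev rules for your Guix System" in the first paragraph should read "a udev rules file", there is a doubled space after "Security...}" before "menu", and the new text writes "Yubikey" throughout where the package description in patch 1/2 writes "YubiKey".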
-- 
2.41.0





bug closed, send any further explanations to 65354 <at> debbugs.gnu.org and Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Request was from Maxim Cournoyer <maxim.cournoyer <at> gmail.com> to control <at> debbugs.gnu.org. (Fri, 01 Sep 2023 15:13:01 GMT)

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 30 Sep 2023 11:24:20 GMT)

This bug report was last modified 1 year and 224 days ago.
