-2

I would like to have 2-step authentication by password + Fido U2F security key. I did not find any approaches which would work in Debian 8.7. The OS should not be a limiting factor here because Qt libraries are used with KeePassX.

OS: Debian 8.7
Fido U2F key: YubiKey Neo, YubiKey 4

Léo Léopold Hertz 준영
  • 6,788
  • 29
  • 91
  • 193
  • 1
    I don't know exactly how U2F works, but in a sense it seems difficult (impossible) to require a one-time password / challenge-response authentication for a static file that's stored locally as you'd need some program to run the algorithm, and the file itself can't do that. It would need to be re-encrypted with a new key on every use, and so on... – ilkkachu Mar 10 '17 at 11:22

2 Answers2

1

The only form of two-factor authentication supported in KeePassX is a password and a key-file; quoting the features:

access to the KeePassX database is granted either with a password, a key-file (e.g. a CD or a memory-stick) or even both.

If you want to add U2F support you'll have to code it.

Stephen Kitt
  • 411,918
  • 54
  • 1,065
  • 1,164
0

Development is going on

I requested preview support for the ticket #52 from YubiKey support team with Ticket #00019088:

We do not support this app. We do know that they have already added support for CR several years ago. As to supporting the developer in getting this working, if they reach out to us we are more than happy to work with them on this.

I passed the piece of information to the developer as a comment in the ticket. Now, #52 is finally merged to #127. I will look forward for the preview help in the latest ticket. I requested preview support from the YubiKey support team for the titket #127 now.

KeePassX Dev

I am studying the project supporting YubiKey DB unlock which can be about the case here.

Léo Léopold Hertz 준영
  • 6,788
  • 29
  • 91
  • 193