You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: source/components/software/nk-app2/keepassxc.rst
+22-24Lines changed: 22 additions & 24 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,22 +17,20 @@ First Step: Generate a HMAC Secret With the Nitrokey App 2
17
17
4. Click on ``ADD`` to create a new credential
18
18
5. Select ``HMAC`` from the algorithm drop-down menu
19
19
20
-
.. note::
21
-
22
-
- The credential is automatically named in ``HmacSlot2``.
23
-
- No extra attributes can be saved for the HMAC credential.
24
-
- The HMAC secret must be *exactly 20 bytes* long and in *Base32* format. That is exactly 32 characters.
25
-
- It is possible to save exactly one HMAC secret on a Nitrokey 3.
20
+
.. note::
21
+
- The credential is automatically named in ``HmacSlot2``.
22
+
- No extra attributes can be saved for the HMAC credential.
23
+
- The HMAC secret must be *exactly 20 bytes* long and in *Base32* format. That is exactly 32 characters.
24
+
- It is possible to save exactly one HMAC secret on a Nitrokey 3.
26
25
27
26
6. To generate a secret, there is a button in the field on the right-hand.
28
27
It is also possible to enter your own secret, as long as it is compliant.
29
28
30
-
.. warning::
29
+
.. warning::
30
+
The database can no longer be unlocked if the Nitrokey 3 is lost or unavailable! Thus, you may want to set up a second Nitrokey 3 with the same HMAC secret as a backup device.
31
31
32
-
The database can no longer be unlocked if the Nitrokey 3 is lost or unavailable! Thus, you may want to set up a second Nitrokey 3 with the same HMAC secret as a backup device.
33
-
34
-
.. important::
35
-
The secret can **only** be seen before saving. If the KeePassXC database is to be used with another Nitrokey 3, the HMAC secret must be copied which is **only** possible **before saving** the credential.
32
+
.. important::
33
+
The secret can **only** be seen before saving. If the KeePassXC database is to be used with another Nitrokey 3, the HMAC secret must be copied which is **only** possible **before saving** the credential.
36
34
37
35
7. Click on ``SAVE`` to save the credential
38
36
@@ -50,11 +48,9 @@ First Option: Protect an Existing KeePassXC Database With a Nitrokey 3
50
48
Click on ``OK`` to add the Nitrokey 3 to the existing KeePassXC database
51
49
52
50
.. note::
53
-
54
51
By default the Nitrokey 3 is used as a second factor in addition to the passphrase. To protect the database by the Nitrokey 3 exclusively, delete the passphrase by clicking the button ``Remove Password``.
55
52
56
53
.. tip::
57
-
58
54
If the Nirokey 3 is not recognized, close KeePassXC completely. Then connect the Nitrokey 3 to your computer before restarting KeePassXC.
59
55
60
56
@@ -78,11 +74,9 @@ Second Option: Creating a KeePassXC Database, Protected by Nitrokey 3
78
74
Click on ``Continue`` to complete the creation of the new KeePassXC database.
79
75
80
76
.. note::
81
-
82
77
If the passphrase is left empty, the database will be protected by the Nitrokey 3 exclusively. If a passphrase is entered, the database will be protected by the passphrase **and** the Nitrokey 3.
83
78
84
79
.. tip::
85
-
86
80
If the Nitrokey 3 is not recognized, close KeePassXC completely. Then connect the Nitrokey 3 to your computer before restarting KeePassXC.
87
81
88
82
Troubleshooting for Linux
@@ -92,15 +86,15 @@ If the Nirokey 3 device is not recognised by `KeePassXC <https://keepassxc.org/>
92
86
* Provided that the udev rules have been set as described `here </software/nitropy/linux/udev.html>`__.
93
87
* Provided that the ``pcscd service`` are has been started with:
94
88
95
-
.. code-block:: bash
89
+
.. code-block:: bash
96
90
97
-
sudo systemctl start pcscd.service
91
+
sudo systemctl start pcscd.service
98
92
99
93
* Install the latest version of KeePassXC with flatpak:
100
94
101
-
.. code-block:: bash
95
+
.. code-block:: bash
102
96
103
-
flatpak install flathub org.keepassxc.KeePassXC
97
+
flatpak install flathub org.keepassxc.KeePassXC
104
98
105
99
* Install ``ccid`` on Arch Linux based systems. See also: `Arch wiki: Nitrokey <https://wiki.archlinux.org/title/Nitrokey>`__.
106
100
@@ -114,15 +108,19 @@ An application using ``pcscd`` does not show the Nitrokey 3.
114
108
**Solution:**
115
109
First, make sure that ``scdaemon`` is not running (see the previous section)::
116
110
117
-
$ gpg-connect-agent "SCD KILLSCD" /bye
111
+
.. code-block:: bash
112
+
113
+
$ gpg-connect-agent "SCD KILLSCD" /bye
118
114
119
115
Now list the smartcards recognized by ``pcscd`` with ``pcsc_scan -r``.
120
116
You should see an entry like this one::
121
117
122
-
$ pcsc_scan -r
123
-
Using reader plug'n play mechanism
124
-
Scanning present readers..
125
-
0: Nitrokey 3 [CCID/ICCD Interface] 00 00
118
+
.. code-block: bash
119
+
120
+
$ pcsc_scan -r
121
+
Using reader plug'n play mechanism
122
+
Scanning present readers..
123
+
0: Nitrokey 3 [CCID/ICCD Interface] 00 00
126
124
127
125
If the Nitrokey 3 shows up, it is recognized correctly by ``pcscd`` and there might be an issue with the application that tries to access it.
128
126
If it does not show up, make sure that your ``libccid`` version is up to date.
0 commit comments