This article covers two methods for using YubiKeys with the KeePass password manager: HMAC-SHA1 Challenge-Response and OATH-HOTP. HMAC-SHA1 is recommended over OATH-HOTP because of its ease-of-use, as well as its ability to be backed up (it is not possible to have a backup YubiKey when OATH-HOTP is used).

HMAC-SHA1 Challenge-Response (recommended)

Requirements

- A YubiKey with configuration slot 2 available.
- KeePass version 2 (version should be 2.xx).
- KeeChallenge, the KeePass plugin that adds support for Challenge-Response.

Install YubiKey Manager, if you have not already done so, and launch the program.

Since KeeChallenge only supports use of configuration slot 2 (this slot comes empty from the factory), click Configure under the Long Touch (Slot 2).

Select Challenge-response and click Next.

Generate a secret key by clicking Generate, and copy it somewhere (this will be needed later for KeePass setup).

Install KeePass and KeeChallenge, if you have not already done so. KeeChallenge is installed by copying the contents of the .zip file into the KeePass installation folder.

Run KeePass, or restart it if it was already running.

If you already have an existing database, open it, then click File > Change Master Key. If you are creating a new database, initiate the process, then select your name and save location (you will be prompted to do this).

Enter your master password, check Show expert options, check Key file / provider, and select Yubikey challenge-response from the list.

Click OK, and you should see a Secret Key Entry window appear.

Paste the secret key generated in step 5 into the window, check Variable Length Challenge?, and click OK. (Note: If you see the error "secret does not match yubikey," this option hasn't been selected.)

If you checked Require touch in step 5, you will be prompted to touch your YubiKey (its LED should also flash on and off steadily). If you didn't, your database should open immediately (if you are setting up a new database you will be prompted to fill in some additional information).

Read the emergency sheet pop-up if it appears.

Make sure to save changes either by clicking File > Save or by answering Save when exiting KeePass.

You can use the secret key (from step 5) to program the same Challenge-Response credential into a backup YubiKey using YubiKey Manager, so consider doing this and/or saving it somewhere safe for the future.

OATH-HOTP

Requirements

- A YubiKey with a spare configuration slot.
- OtpKeyProv, the KeePass plugin that adds support for OATH-HOTP.

Install the YubiKey Personalization Tool, if you have not already done so, and launch the program.

Select the configuration slot that you want to program. These instructions assume you want to use the second configuration slot, which is, by default, empty.

The longer the length is, the more secure it is. These instructions assume you want to use 8 digits.

Click Generate to generate your secret key. You will need this key to program your KeePass database and to recover it if something goes wrong. Copy this key and keep it in a secure location.

A message stating that your YubiKey has been successfully configured is displayed in the Results pane.

Under Output Settings, disable the carriage return on the output by clicking the Enter button (it is enabled by default; it should change from blue to white/gray).

Click Update Settings, select the Configuration Slot you programmed your OATH-HOTP credential into (probably slot 2), click Update, and confirm to save your changes.

Install KeePass and OtpKeyProv, if you have not already done so. Install OtpKeyProv by copying the files in the zip folder into KeePass' installation folder.

You should see the Create Composite Master Key window.

Enter your master password, check Show expert options, check Key file / provider, and select One-Time Passwords (OATH HOTP) from the list.

A Configure OTP Lock window should appear. In it, configure the plug-in with the same parameters as you used to configure the YubiKey. Select the same HOTP length as you chose earlier and copy over the secret key.

In the same window, configure your database protection settings. The look-ahead count refers to the number of events (like pressing the YubiKey's button) that can be skipped before the token goes out of sync. A higher number of OTPs and a lower look-ahead count generally equate to increased security at a higher inconvenience. We strongly recommend a look-ahead count that is greater than 0; somewhere between 5-10 should work for most.

Congratulations, you've successfully configured your YubiKeys to protect your KeePass database with OATH HOTP! To test your login, lock your database and attempt to regain access to it.

At the login screen, enable Key File and select One-Time Passwords.
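To make the look-ahead count and number of OTPs from the OATH-HOTP settings concrete, here is an added example (not OtpKeyProv's code, and not from the original article) that computes RFC 4226 HOTP codes and accepts a run of consecutive codes within a look-ahead window. It is a simplified model in which the verifier holds the secret; `verify`, `demo` and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 8) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(secret, stored_counter, otps, look_ahead, digits=8):
    """Return the new counter if `otps` are consecutive codes starting
    anywhere in [stored_counter, stored_counter + look_ahead], else None."""
    for skipped in range(look_ahead + 1):
        start = stored_counter + skipped
        expected = [hotp(secret, start + i, digits) for i in range(len(otps))]
        # compare_digest avoids leaking how many digits matched via timing
        if all(hmac.compare_digest(e, o) for e, o in zip(expected, otps)):
            return start + len(otps)
    return None


# Constructed sample value: the RFC 4226 test secret, not a real key.
SECRET = b"12345678901234567890"


def demo():
    # The button was pressed 3 times outside KeePass: the token's counter
    # is 3 while the database still expects counter 0.
    token_counter = 3
    otps = [hotp(SECRET, token_counter + i) for i in range(2)]
    return {
        "look_ahead_0": verify(SECRET, 0, otps, look_ahead=0),
        "look_ahead_5": verify(SECRET, 0, otps, look_ahead=5),
    }


if __name__ == "__main__":
    print(demo())
```

With a look-ahead of 0 the three stray button presses lock the token out, while a look-ahead of 5 resynchronises; each extra look-ahead step also adds one more accepted starting position, which is the security cost the settings trade against convenience.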