
KeeChallenge

A plugin for KeePass2 to add Yubikey challenge-response capability.

Download

As of v1.0.1 both Windows and Linux (Ubuntu) have been tested successfully. To run under Linux using Mono, you must modify and add a dllmap entry to let Mono know where to find the native libraries. For this to work, you must also obtain the appropriate versions of the Yubico libraries. Make sure all of the Yubico libraries are installed where Mono can find them (for example, /usr/lib). Put both KeeChallenge.dll and in the KeePass2 folder (on Ubuntu this is /usr/lib/keepass2). The same technique will work on OSX, but getting the 32-bit Yubico libraries requires building from source. See the OSX Guide by Markku for detailed instructions on how to do this.

KeeChallenge requires KeePass2, available from. It also requires the Yubico open source library yubico-personalization (which in turn depends on yubico-c). Prebuilt bundled binaries are available from. Open the top level solution and adjust the references to point at your installed KeePass.exe. It should (hopefully) build without problems once this is done. You should check that the DllImport statements in Yubiwrapper.cs match the file names of the binaries you have obtained.

KeeChallenge works using the HMAC-SHA1 challenge-response functionality built into the Yubikey. First, configure your Yubikey to use HMAC-SHA1 in slot 2. Ensure that the challenge is set to fixed 64 bytes (the Yubikey does some odd formatting games when a variable length is used, so that's unsupported at the moment). I recommend requiring a button press to issue the response, but it should work either way. Copy the secret and keep it somewhere safe since you'll need it to recover your database if you lose your Yubikey. When you set the password on your database, you should select Yubikey challenge-response under key providers and click ok. In the window that comes up, copy and paste the secret from your Yubikey. You will be prompted to insert your Yubikey and press the button to verify that you entered the correct secret.

Your secret is used as the key to encrypt the database. In order to avoid storing the secret in plain text, we generate a challenge-response pair ahead of time. The challenge is stored to be issued on the next login and the response is used as an AES256 key to encrypt the secret. All relevant data is stored in an XML file in the same directory as your database.
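The stored-challenge scheme described above, modeled in software as an added example (this is not KeeChallenge's own code). Assumptions of this sketch: the Yubikey is replaced by a local HMAC-SHA1 function, the 20-byte response is hashed with SHA-256 to form the 32-byte AES-256 key, AES runs in CBC mode with a random IV, and a SHA-256 of the secret is stored for verification; all function and field names are hypothetical.

```javascript
// Added sketch: names, CBC mode, IV and verification hash are assumptions.
const crypto = require('node:crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Software stand-in for Yubikey slot 2: HMAC-SHA1(slot secret, challenge).
const yubikeyRespond = (slotSecret, challenge) =>
  crypto.createHmac('sha1', slotSecret).update(challenge).digest();

// Assumption: the 20-byte response is hashed to a 32-byte AES-256 key.
const keyFrom = (response) => sha256(response);

// Build the record kept beside the database. The secret is in memory here
// (at setup, or right after a successful unlock), so the response to a
// fresh challenge can be computed ahead of time without touching the key.
function makeRecord(secret) {
  const challenge = crypto.randomBytes(64); // fixed 64-byte challenge
  const iv = crypto.randomBytes(16);
  const key = keyFrom(yubikeyRespond(secret, challenge));
  const enc = crypto.createCipheriv('aes-256-cbc', key, iv);
  return {
    challenge,
    iv,
    encryptedSecret: Buffer.concat([enc.update(secret), enc.final()]),
    verification: sha256(secret), // detects a wrong response after decrypt
  };
}

// Login: send the stored challenge to the key, decrypt the secret with the
// response, verify it, then rotate to a new challenge for the next login.
function unlock(record, respond) {
  const key = keyFrom(respond(record.challenge));
  const dec = crypto.createDecipheriv('aes-256-cbc', key, record.iv);
  let secret;
  try {
    secret = Buffer.concat([dec.update(record.encryptedSecret), dec.final()]);
  } catch {
    return null; // padding error: the response came from a different secret
  }
  if (!crypto.timingSafeEqual(sha256(secret), record.verification)) return null;
  return { secret, nextRecord: makeRecord(secret) };
}
```

Only the record (challenge, IV, ciphertext, hash) is written to disk in this model, and each successful unlock replaces it, so a captured response is useful for one stored challenge only.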
