GpgKee is a KeePass plugin that provides GPG authentication.
The GpgKee plugin is EXTREMELY basic. There is no guarantee that it will work for you. There is no error handling. There are no tests of any sort. Do not use this plugin unless you are willing to lose everything in your KeePass database.
GpgKee can be used as a secondary component to your KeePass master key. It uses the GPG application on your computer to decrypt an encrypted secret key. If it is able to decrypt the key, the key is passed along to KeePass to decrypt your password database.
GpgKee is currently very minimal. There are no GUI components to help you generate your encrypted secret key and there is no error handling. These components should be added eventually, but the plugin works in its current state.
GpgKee currently has two requirements:
- You must have Gpg4win installed to the default
location. GpgKee is hard coded to use the
gpg2
executable located atC:\Program Files (x86)\GNU\GnuPG\pub\gpg2.exe
. - Your pinentry must open in a new window so that when GpgKee executes the
gpg2
application, the pinentry application can prompt you for your password.
Once you have Gpg4win installed and configured, you need to generate a secret key. You can use anything you want as the secret key.
Once you have a secret key, encrypt it with GPG:
gpg2 --output secret-key.gpg --encrypt --recipient *your public key* secret.key
Once you have your encrypted secret key, move it to the same folder as your KeePass kbdx file and rename it the same name as your KeePass database with a ".gpgkee" extension.
For example, if your KeePass database is called "Personal.kbdx", name your gpg encrypted secret key "Personal.gpgkee".
Now that your secret key is set up, you can change your master key to use the GpgKee secret key.
- Open your KeePass database.
- Click File >> Change Master Key...
- Check the "Key file / provider" checkbox.
- Select the "GPG Authentication" provider.
- Click OK.
- Type in your GPG key pin if you are prompted.
- Save your database.
If all went according to plan, when you open your database again, you will be prompted for your GPG key pin and your password database will open.