Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hardware key not detected on keepassxc #4883

Closed
rusty-snake opened this issue Jan 27, 2022 · 4 comments · Fixed by #4903 or #4915
Closed

Hardware key not detected on keepassxc #4883

rusty-snake opened this issue Jan 27, 2022 · 4 comments · Fixed by #4903 or #4915
Projects
Release 0.9.68
Milestone
0.9.68

Comments

@rusty-snake
Copy link
Collaborator

@miragy69 at keepassxreboot/keepassxc#7317 (comment):

Summary

Keeppassxc can't detect any hardware key after get in the jail. Hardware serial number is detectable. (Edited) Please reassign the label if needed.

Temporary solution

The issue can be solved by commented out these applications under /usr/lib/firejail/firecfg.config. Then # firecfg --clean && firecfg for recreate links again image for commenting out the keepassxc-proxy can solve the issue #6230, i.e. you don't have to manually click reload on browser plugin for password autoloading.

Looking for future support on firejail

It will make safer for running keepassxc in the firejail, if the above issue can be solved. Many thanks.

Possible solutions:

  1. Add a comment (Put 'ignore nou2f' and 'ignore private-dev' in your keepassxc.local).
  2. Remove nou2f and a a comment for private-dev (If you need to plugin devices while kpxc is running add ...)
  3. Remove both, nou2f and private-dev.

I'm not sure which one is the best, but I think we should fix this for 0.9.68.

Originally posted by @rusty-snake in #4770 (comment)
@rusty-snake rusty-snake added this to the 0.9.68 milestone Jan 27, 2022
@rusty-snake rusty-snake added this to To do in Release 0.9.68 via automation Jan 27, 2022
@kmk3 kmk3 changed the title Hardware key not detect issue on keepassxc Hardware key not detected on keepassxc Jan 27, 2022
kmk3 added a commit to kmk3/firejail that referenced this issue Feb 6, 2022
@kmk3
keepass*: remove nou2f
09ac1a7 
At least keepassxc supports U2F and password managers seem like they
would be a common use case for it.

See the discussion on netblue30#4883.
kmk3 added a commit to kmk3/firejail that referenced this issue Feb 6, 2022
@kmk3
keepass*: note that private-dev blocks access to new hardware keys
8a718ff 
Which may be surprising to some users (see netblue30#4883).

Fixes netblue30#4883.
@kmk3 kmk3 mentioned this issue Feb 6, 2022
Merged
@kmk3
Copy link
Collaborator

kmk3 commented Feb 6, 2022

@rusty-snake commented on Jan 27:

@miragy69 at keepassxreboot/keepassxc#7317 (comment):

Summary

Keeppassxc can't detect any hardware key after get in the jail. Hardware
serial number is detectable. (Edited) Please reassign the label if needed.

[...]

Possible solutions:

  1. Add a comment (Put 'ignore nou2f' and 'ignore private-dev' in your keepassxc.local).
  2. Remove nou2f and a a comment for private-dev (If you need to plugin devices while kpxc is running add ...)
  3. Remove both, nou2f and private-dev.

I'm not sure which one is the best, but I think we should fix this for
0.9.68.

2 sounds good to me, so I went with that on #4903.

@kmk3 kmk3 moved this from To do to In progress in Release 0.9.68 Feb 6, 2022
Release 0.9.68 automation moved this from In progress to To Document (RELNOTES/man) Feb 6, 2022
@rusty-snake
Copy link
Collaborator Author

Reopen to keep attention to

  1. Does keepass and keepassx support hardware keys?

  2. "ignore nou2f" // "ignore private-dev"

@rusty-snake rusty-snake reopened this Feb 6, 2022
Release 0.9.68 automation moved this from To Document (RELNOTES/man) to In progress Feb 6, 2022
@kmk3
Copy link
Collaborator

kmk3 commented Feb 6, 2022

@rusty-snake commented on Feb 6:

Reopen to keep attention to

  1. Does keepass and keepassx support hardware keys?

Well, keepassx is unmaintained and seemingly has no docs and I can't really
tell the status from the docs of keepass (which to me appears to only claim to
work with keys that emulate a usb keyboard):

If you don't see anything that confirms it either I'll revert both.

  1. "ignore nou2f" // "ignore private-dev"

Fixed on commit 91b0417 ("keepass*: fix typo in private-dev note",
2022-02-06).

@rusty-snake
Copy link
Collaborator Author

The yubikey support in kpxc seems to be based on https://github.com/kylemanna/keepassx / keepassx/keepassx#52 which was never merged. For me it looks like kpx never got official support for it.

keepass seems to support hw keys (via plugin).

kmk3 added a commit to kmk3/firejail that referenced this issue Feb 7, 2022
@kmk3
keepassx: restore nou2f
f8060a0 
I could not find anything to confirm that keepassx supports hardware
keys.  And as mentioned by @rusty-snake[1]:

> The yubikey support in kpxc seems to be based on
> https://github.com/kylemanna/keepassx /
> keepassx/keepassx#52
> which was never merged. For me it looks like kpx never got official
> support for it.
>
> keepass seems to support hw keys (via plugin).

Also of note is the PR that added yubikey support to keepassxc:
keepassxreboot/keepassxc#127

This partially reverts commit 09ac1a7 ("keepass*: remove nou2f",
2022-02-05) / PR netblue30#4903.  See also commit 91b0417 ("keepass*: fix typo
in private-dev note", 2022-02-06).

Closes netblue30#4883.

[1] netblue30#4883 (comment)
@kmk3 kmk3 mentioned this issue Feb 7, 2022
Merged
@kmk3 kmk3 removed this from In progress in Release 0.9.68 Feb 7, 2022
@kmk3 kmk3 added this to To do in Release 0.9.70 via automation Feb 7, 2022
@kmk3 kmk3 added this to Done (on RELNOTES) in Release 0.9.68 Feb 7, 2022
@kmk3 kmk3 removed this from To do in Release 0.9.70 Feb 7, 2022
@seonwoolee seonwoolee mentioned this issue Feb 11, 2022
Open
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
No open projects
Release 0.9.68
  
Done (on RELNOTES)
Milestone
0.9.68
2 participants
@kmk3 @rusty-snake