Keepassxc Browser Connect


A previous article discussed password management tools that use server-side technology. These tools are very interesting and suitable for a cloud installation.
In this article we will talk about KeePassXC, a simple multi-platform open source software that uses a local file as a database.
The main advantage of this type of password management is simplicity. No server-side technology expertise is required, so it can be used by any type of user.

Introducing KeePassXC

KeePassXC is an open source, cross-platform password manager. Its development started as a fork of KeePassX, a good product whose development was not very active. It saves secrets in a database encrypted with the AES algorithm using a 256-bit key, which makes it reasonably safe to store the database in cloud storage such as pCloud or Dropbox.

In addition to passwords, KeePassXC allows you to save various information and attachments in the encrypted wallet. It also has a good password generator that helps users manage their credentials correctly.

KeePassXC is a community fork of KeePassX, the cross-platform port of KeePass for Windows. Every feature works cross-platform and was thoroughly tested on multiple systems to provide users with the same look and feel on every supported operating system. This includes the beloved Auto-Type feature.

Installation

The program is available both in the standard Fedora repository and in the Flathub repository. Unfortunately, browser integration does not work when the application runs in the sandbox, so I suggest installing the program via dnf:

Creating your wallet

To create a new database there are two important steps:

  • Choose the encryption settings: the default settings are reasonably safe; increasing the transform rounds also increases the decryption time.
  • Choose the master key and additional protections: the master key must be easy to remember (if you lose it your wallet is lost!) but strong enough; a passphrase with at least 4 random words can be a good choice. As additional protection you can choose a key file (remember: you must always have it available, otherwise you cannot open the wallet) and / or a YubiKey hardware key.

The database file will be saved to the file system. If you want to share it with other computers / devices you can save it on a USB key or in a cloud storage service like pCloud or Dropbox. Of course, if you choose cloud storage, a particularly strong master password is recommended, preferably accompanied by additional protection.
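
To put numbers on the advice about a master passphrase of at least 4 random words and on the effect of transform rounds, here is an added example (not from the original article or the KeePassXC project). The 7776-word list size, the guess rates and the tiny sample word list are assumptions made for illustration.

```python
import math
import secrets

WORDLIST_SIZE = 7776        # assumption: Diceware-style list of 6^5 words
GUESSES_PER_SECOND = 1_000  # assumption: attacker rate against the database KDF;
                            # more transform rounds push this figure down
SECONDS_PER_YEAR = 365 * 24 * 3600
SAMPLE_WORDS = ["anchor", "breeze", "copper", "dune", "ember", "fjord",
                "glacier", "harbor"]  # constructed sample, far too small for real use


def generate_passphrase(words, count=4, sep=" "):
    """Draw `count` words uniformly at random using the OS CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words would lower the real entropy")
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_entropy_bits(list_size, count):
    """Entropy of `count` independent uniform picks from `list_size` words."""
    return count * math.log2(list_size)


def words_needed(target_bits, list_size=WORDLIST_SIZE):
    """Smallest word count that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


def average_years_to_guess(entropy_bits, rate=GUESSES_PER_SECOND):
    """Expected search time: half the keyspace at `rate` guesses per second."""
    return 2 ** entropy_bits / 2 / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    print("sample:", generate_passphrase(SAMPLE_WORDS))
    for count in (3, 4, 5, 6):
        bits = passphrase_entropy_bits(WORDLIST_SIZE, count)
        for rate in (1_000, 1_000_000):
            years = average_years_to_guess(bits, rate)
            print(f"{count} words, {bits:5.1f} bits, {rate:>9,} guesses/s: "
                  f"{years:.3g} years")
```

The entropy figures hold only when the words are picked at random; a phrase chosen by hand is far easier to guess than the same number of random words.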

Creating your first entry

Once the database has been created, you can start creating your first entry. For a web login, specify a username, password and URL in the Entry tab. Optionally, you can specify an expiration date for the credentials based on your personal policy. A nice feature: pressing the button on the right downloads the site's favicon and uses it as the icon of the entry.

KeePassXC also offers a good password / passphrase generator: you can choose length and complexity and check the degree of resistance to a brute force attack:

Browser integration

KeePassXC has an extension available for all major browsers. The extension allows you to fill in the login information for all the entries whose URL is specified.

Browser integration must be enabled on KeePassXC (Tools menu -> Settings) specifying which browsers you intend to use:

Once the extension is installed, it is necessary to create a connection with the database. To do this, press the extension button and then the Connect button. If the database is open and unlocked, the extension will create an association key and save it in the database. The key is unique to the browser, so I suggest naming it appropriately:

When you reach the login page specified in the Url field and the database is unlocked, the extension will offer you all the credentials you have associated with that page:

In this way, when you browse with KeePassXC running, you will have your internet credentials available without necessarily saving them in the browser.

SSH agent integration

Another interesting feature of KeePassXC is the integration with SSH. If you have ssh-agent running, KeePassXC is able to interact with it and add the SSH keys that you have uploaded as attachments to your entries.

First of all, in the general settings (Tools menu -> Settings) you have to enable the SSH agent and restart the program:

At this point you need to upload your SSH key pair as an attachment to your entry. Then, in the 'SSH agent' tab, select the private key in the attachment drop-down list; the public key will be populated automatically. Don't forget to select the two checkboxes above to allow the key to be added to the agent when the database is opened / unlocked and removed when the database is closed / locked:

Now, with the database open and unlocked, you can log in over SSH using the keys saved in your wallet.

The only limitation is the maximum number of keys that can be added to the agent: each key the agent offers counts as a login attempt, and by default SSH servers do not accept more than 5 login attempts. For security reasons it is not recommended to increase this value.

KeePassXC is a password manager, used to save all your username/password combinations in one place and secure them with strong encryption. I won't be talking here about the advantages of password managers; I will assume that you have heard of them before and know how they are used.

I have been using KeePass for a few years now and I love it. I started using KeePass 2 on Windows, then transitioned over to KeePassX for Linux (which is not developed actively anymore). Now there is KeePassXC, which is a modern community-driven version. It works on Windows, Linux and macOS and I highly recommend it! Also, read the FAQ.

The interesting features of KeePassXC can be seen on the homepage itself, but the most important feature for me was the seamless integration into my Firefox browser. This is how it works: Whenever you open a webpage with a login, Firefox checks if KeePassXC has a saved password for the page. If it finds one, it automatically enters the username and password into the fields on the page.

I will be working with KeePassXC 2.2.1 and Firefox 57+. This version of Firefox starts using WebExtensions, which is just a new type of browser extension. Older versions of KeePass addons won't work with new versions of Firefox.

There are two parts which need to be configured for this procedure to work.

Note: This information is mostly outdated. There is an official browser plugin for KeePassXC 2.3.0. Read about it here: New KeePassXC 2.3.0 released

After downloading and installing KeePassXC, start it and open a database. If you already have a database with passwords and set up URLs for your logins, you can skip this section.

If you have never used KeePass, create a new database. Enter your master password, which should be a strong password. This is the password that will protect all your other passwords, so make it long and difficult to guess. After this step, you can start to create new entries.

When you create a new entry, you need to fill in at least three fields: username, password and URL. These should be self-explanatory. For the URL, put in the webpage where the login should trigger, for example: 'https://facebook.com/login'.

Save the database and you are done! In the next step you will configure KeePassHttp.

KeePassHttp is a plugin for KeePass. At the time of writing, it is integrated into KeePassXC. Open the settings under 'Tools – Settings' and click on 'Browser Integration' on the left sidebar. If the option is not enabled yet, click on 'Enable KeePassHttp server'.

Enable the following options:

You can hover over the options for more information on what each of them does.
Congratulations, you passed the first part of this tutorial! Next: Firefox!

Is KeePassHttp secure?

Short answer: As long as your computer is safe, yes.
Long answer: Official README and some GitHub Issues

You can skip this paragraph, which talks a bit about the history of Firefox plugins for KeePass and the struggles.
In the old days of Firefox, there was KeePassHttp, the plugin for KeePass 2, which needed a lot of configuration. With KeeFox, a Firefox extension, it nearly worked out-of-the-box, but really only on Windows. Let me tell you, it was awful! Later came PassIFox and chromeIPass for Chrome, which also worked with the Linux ports. They did not come without issues, often breaking functionality after a Firefox or KeePass update. The maintainers of the above plugins often did not merge their patches and updates into the Mozilla extension, which led to weeks without a working implementation.
Then, some day, you needed a new extension so that KeePass can read the URL from
Finally, Mozilla switched to Web Extensions, which completely broke the extensions for the newest versions of Firefox.
But the extensions are still actively developed, and some ingenious developer built and uploaded a working version of PassIFox, called KeePassHttp-Connector.

KeePassHttp-Connector

Download it here: https://addons.mozilla.org/it/firefox/addon/keepasshttp-connector/

Update from 2017-11-14:
The addon was removed from the Mozilla page, but the GitHub repository is still available. The Firefox addon is the .xpi file; for Chrome, download the .crx. You can download the latest release here: https://github.com/smorks/keepasshttp-connector/releases.

Update from 2017-11-21:
The addon is available again on the Mozilla webpage and works with Firefox 57+ (named Quantum).

KeepassXC-Browser

Update from 2018-04-08:
Note: This information is mostly outdated. There is an official browser plugin for KeePassXC 2.3.0. Read about it here: New KeePassXC 2.3.0 released

This is the only plugin you need for Firefox 57+. After installing, you can click on the plugin in the Firefox menu bar and click 'Connect'.

If the previous steps were correctly executed, KeePassXC will now open a window and ask for confirmation. Enter a name (ex. 'Firefox') and click OK.

Now you are done. Open the web page for one of your logins and the fields should be filled with your credentials!

Not working as described or having problems? Head to GitHub and open an issue or comment below!




