I'm a bit paranoid, so my master passphrase tends to be (very) long. Now that I have a USB SmartCard, it would be convenient (and more secure) if I could use it to unlock my KeePass database, instead of typing my whole master password each time, for all kinds of key-loggers to record.

KeePass does not support using a certificate out of the box, but it can be done with plugins. Unfortunately, none of the existing plugins do exactly what I want. Some need the private key of the certificate to be exportable. (Then why bother using a hardware secure element?) (I'm not a crypto expert, but signatures are not designed to do that. This is probably not a good practice.) And most of all, all the solutions I reviewed are additive, which means that the certificate can only be used as a part of the composite master key used by KeePass to protect the database. It's not possible to use either a passphrase or a certificate to unlock the database.

Introducing: KeePass Certificate Shortcut Provider

This plugin allows you to open your database using either a master password OR an X.509 certificate. cspkey file (Certificate Shortcut Provider Key) containing the master password encrypted with the public part of an X.509 certificate. When the provider is used, it decrypts the master password using the private part of the certificate, and returns it to KeePass. This way, it's possible to easily open the database using only a certificate. If required (on a KeePass version without plugins, like Android), the database can always be opened using only the master password.

If you use a certificate with a strong enough key (RSA with at least a 1024-bit key is recommended), the limiting factor should be the strength of your master password. If you think otherwise, please contact me.

What kind of certificates can I use?

For now, only RSA certificates are supported. ECDSA is a signature algorithm.
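The encrypt-to-certificate and decrypt-with-private-key steps described above, as an added C# example that is not the plugin's own code. The OAEP-SHA256 padding, the raw blob (the real cspkey file layout is not given on this page), the method names and the self-signed test certificate are assumptions; it targets a current .NET SDK.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class CertShortcutDemo
{
    // Encrypt the master password to the certificate's public key.
    // OAEP-SHA256 is an assumption; the page does not name the plugin's padding.
    static byte[] Wrap(X509Certificate2 cert, string masterPassword)
    {
        using RSA pub = cert.GetRSAPublicKey()
            ?? throw new NotSupportedException("only RSA certificates are supported");
        byte[] plain = Encoding.UTF8.GetBytes(masterPassword);
        try { return pub.Encrypt(plain, RSAEncryptionPadding.OaepSHA256); }
        finally { Array.Clear(plain, 0, plain.Length); } // best-effort wipe
    }

    // Recover the master password. For a smart-card key the RSA object is a
    // handle: decryption runs on the card and the key is never exported.
    static string Unwrap(X509Certificate2 cert, byte[] blob)
    {
        using RSA priv = cert.GetRSAPrivateKey()
            ?? throw new CryptographicException("no RSA private key available");
        byte[] plain = priv.Decrypt(blob, RSAEncryptionPadding.OaepSHA256);
        try { return Encoding.UTF8.GetString(plain); }
        finally { Array.Clear(plain, 0, plain.Length); }
    }

    // Constructed self-signed certificate standing in for the one on the card.
    static X509Certificate2 MakeTestCert(string cn)
    {
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest($"CN={cn}", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5),
            DateTimeOffset.UtcNow.AddDays(1));
    }

    static void Main()
    {
        using X509Certificate2 mine = MakeTestCert("constructed-user");
        using X509Certificate2 other = MakeTestCert("constructed-other");
        byte[] blob = Wrap(mine, "constructed master password");
        Console.WriteLine($"unwrapped: {Unwrap(mine, blob)}");
        try { Unwrap(other, blob); }
        catch (CryptographicException) { Console.WriteLine("other certificate: cannot decrypt"); }
    }
}
```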