
You should use KeePass - Robin Wils's website

Last modified: Sun, Dec 1, 2019


Why KeePass?

The KeePassXC logo.

KeePassXC - CC0 licensed.

Convenience

KeePass is an offline password database. It generates all your passwords for you. You only have to remember one password, so using it is very convenient.

Some versions can manage SSH keys for you. Forget all your hastily made passwords. You only have to create and remember one strong master password.

Browser and mobile plugins for this database exist.

Security

KeePass generates strong passwords for you. Your passwords can't be cracked online, since the database is offline. Online password databases do have this problem.

Most (if not all) KeePass programs are free software and licensed under the GPL, which means that they should respect the four freedoms. This creates some trust and I think that it is a great pick for such a program.

You can read my Think before using the GPL license article for more information.

Which version?

I recommend KeePassXC. It is a community fork of KeePassX.

I would recommend KeePass2 if KeePassXC isn't available for you. KeePassXC should work cross-platform, so it would be surprising if it didn't work on your system in the first place.

How?

Use on computer

  1. Install KeePass
  2. Open KeePass
  3. Create a new database and give it a master key (+ optional additional protection such as a key file and YubiKey).
  4. Create some entries: enter the username, password, URL (of login page), and optionally notes about the entry.
  5. Save

Use on mobile

I recommend transferring your database file to your phone manually if you want to use it there. Many applications allow you to use things like Dropbox to get to your database, but manual transfer seems safer.

Android

KeePass DX is available on F-Droid and the Google Play Store. It is compatible with all KeePass versions (KeePass, KeePassX, KeePass XC…).

iOS

KeePassium is available on F-Droid and the Apple App Store. It is compatible with all KeePass versions (KeePass, KeePassX, KeePass XC…).

Use in Browser

KeePassXC has a browser plugin. You should enable browser integration if you want to use this. You can find links to the KeePassXC-Browser add-on here.

There are other add-ons for other KeePass versions such as the KeePassHttp-Connector add-on.

Use to manage SSH keys

This can work on versions other than KeePassXC, but this explanation is written for KeePassXC.

Create a new key in KeePassXC

Create a new entry in your KeePassXC database and generate a password for it. Save this entry.

New key in KeePassXC.

Screenshot taken by Robin Wils - CC0 licensed.

Generate a key pair

You can generate a key pair with the ssh-keygen command if you don't have one yet. Use the generated password as the passphrase.

ssh-keygen -b 4096

ssh-keygen command output.

Screenshot taken by Robin Wils - CC0 licensed.

Enable SSH Agent

  1. Go to “Tools -> Settings”.
  2. You can find SSH Agent in the left column.
  3. Click on it to enable it.
  4. Restart KeePassXC

KeePassXC Application Settings.

Screenshot taken by Robin Wils - CC0 licensed.

Implement SSH Agent

SSH Agent configuration in KeePassXC.

Screenshot taken by Robin Wils - CC0 licensed.

  1. Edit the key which you just made in KeePassXC. (Right click -> Edit entry or Ctrl+E)
  2. Click on SSH Agent
  3. Check the checkboxes which you want to have enabled.
    • The first two checkboxes are for basic functionality;
    • The third checkbox is to provide a dialog window when the key is used. An askpass program is required for this option.
  4. Add the key by selecting it as External file.
  5. Save the database.

You should have working SSH keys now.

Possible problem on GNU or Linux systems

Some things like the GNOME Keyring can cause problems. Make sure that only one SSH agent is running. GNOME Keyring can manage SSH keys. I use ssh-agent for this. You can add the following command to “~/.bashrc” or to your init script to run it in the background.

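# ssh-agent forks into the background by itself; a trailing & would keep its variables out of this shell
eval "$(ssh-agent -s)"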
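
A command placed in “~/.bashrc” runs for every new shell, so each terminal would start another agent. One way to stay with a single agent is to bind it to a fixed socket and reuse it when it already answers. This is an added example, not part of the original article; AGENT_SOCK, AGENT_ACTION, agent_reachable and ensure_agent are names chosen for it.

```shell
# Added example, not from the original article. Meant to be sourced from ~/.bashrc.
# Assumption: AGENT_SOCK is a path chosen for this example; ~/.ssh is normally
# mode 700, so other local users cannot reach the socket.
AGENT_SOCK="${AGENT_SOCK:-$HOME/.ssh/agent.sock}"

# Succeeds when an agent answers on socket $1.
# ssh-add -l exits 0 (keys loaded), 1 (agent up, no keys) or 2 (no agent reachable).
agent_reachable() {
    _rc=0
    ( SSH_AUTH_SOCK="$1"; export SSH_AUTH_SOCK; ssh-add -l >/dev/null 2>&1 ) || _rc=$?
    [ "$_rc" -eq 0 ] || [ "$_rc" -eq 1 ]
}

# Point this shell at exactly one agent on AGENT_SOCK, starting it only if needed.
# Sets AGENT_ACTION to "reused", "started" or "failed".
ensure_agent() {
    if agent_reachable "$AGENT_SOCK"; then
        AGENT_ACTION=reused
    else
        rm -f "$AGENT_SOCK"      # a stale socket left by a dead agent blocks -a
        if ! _out=$(ssh-agent -s -a "$AGENT_SOCK"); then
            AGENT_ACTION=failed
            return 1
        fi
        eval "$_out" >/dev/null  # sets SSH_AGENT_PID and the socket in this shell
        AGENT_ACTION=started
    fi
    SSH_AUTH_SOCK="$AGENT_SOCK"
    export SSH_AUTH_SOCK
}

# In ~/.bashrc, after the definitions above:
#   ensure_agent
```

Running `pgrep -u "$USER" -a ssh-agent` afterwards shows whether more than one agent is still alive.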
