On Fri, Aug 10, 2018 at 02:39:21AM -0700, [email protected] wrote: > On Wednesday, 8 August 2018 13:34:14 UTC-4, Arnulf Maria Bultmann wrote: > > Hello, > > I use my yubikey besides other things as a password safe. under windows > > there is no problem to use the yubikey to type in the password into keepass. > > Now I want to use the yubikey for thesame procedure under qubes 4.0. > > I use a security-vm for keepass and connect the yubikey from sys-usb to > > security-vm. It's no problem to use the personalization gui. but how can I > > use the yubikey in this vm as a kind of usb-keyboard to put the stored > > password into keepass or for example an editor? > > thanks in advance for your help > > Arnulf > > I don't think USB keyboards attach to AppVMs normally. They attach to dom0, > and use the qubes-gui windows manager to type and control mouse movement and > clicks. > So if you were to attach it to an AppVM.. I am not sure it could even type > into the session you are viewing. Keyboards and mice have to attach to dom0 > in order for it to interact with the windows it renders. >
This isn't quite right. If you have a sys-usb set up, then the keyboard will be attached there, and not to dom0. Have a look at : https://www.qubes-os.org/doc/usb I suspect op needs to edit the RPC policy rules in /etc/qubes-rpc/policy/qubes.InputKeyboard > > Have you considered using Chal/Resp instead of static password? It is way > more secure since you are not using one password for everything... and the > secret never gets send across USB. Keepass works with Challenge / Response, > and even works with LUKS encryption of Qubes OS. KeeChallenge and OtpKeyProv > plugin for Keepass running on mono in a debian AppVM. Then you can attach > the Yubikey to that vm, and Challenge Response with something you know.. > opens the vault. > http://richardbenjaminrush.com/keechallenge/ > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180810141751.r3n3pfjvo3i2m2yt%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
