On Fri, Aug 10, 2018 at 02:39:21AM -0700, joevio...@gmail.com wrote:
> On Wednesday, 8 August 2018 13:34:14 UTC-4, Arnulf Maria Bultmann  wrote:
> > Hello,
> > I use my yubikey besides other things as a password safe. under windows 
> > there is no problem to use the yubikey to type in the password into keepass.
> > Now I want to use the yubikey for thesame procedure under qubes 4.0.
> > I use a security-vm for keepass and connect the yubikey from sys-usb to 
> > security-vm. It's no problem to use the personalization gui. but how can I 
> > use the yubikey in this vm as a kind of usb-keyboard to put the stored 
> > password into keepass or for example an editor?
> > thanks in advance for your help
> > Arnulf
> I don't think USB keyboards attach to AppVMs normally.  They attach to dom0, 
> and use the qubes-gui windows manager to type and control mouse movement and 
> clicks.
> So if you were to attach it to an AppVM.. I am not sure it could even type 
> into the session you are viewing.  Keyboards and mice have to attach to dom0 
> in order for it to interact with the windows it renders.

This isn't quite right.
If you have a sys-usb set up, then the keyboard will be attached there,
and not to dom0.
Have a look at :

I suspect op needs to edit the RPC policy rules in

> Have you considered using Chal/Resp instead of static password?  It is way 
> more secure since you are not using one password for everything... and the 
> secret never gets send across USB.  Keepass works with Challenge / Response, 
> and even works with LUKS encryption of Qubes OS.  KeeChallenge and OtpKeyProv 
> plugin for Keepass running on mono in a debian AppVM.  Then you can attach 
> the Yubikey to that vm, and Challenge Response with something you know.. 
> opens the vault.
> http://richardbenjaminrush.com/keechallenge/

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to