bodnarsoft / keepass-smart-certificate-key-provider
KeePass plugin that allows to use Smart Card certificates to encrypt database more securely.
License: MIT License
Hello, tnx for developing this plugin!
I'm trying to use it to encrypt KeePass db using a self-signed digital id stored on a smartcard.
I'm using Omnikey 3021 to read the sc and SafeSign Token Administration Utility to manage it. I used openssl following https://www.scottbrady91.com/openssl/creating-rsa-keys-using-openssl to create the digital id (pfx) and successfully imported it to the sc.
But when I go on Browse certificate store, the sc is read (it blinks 3 times) but PIN isn't requested and the Windows Security dialog opens saying no certificate is available.
For testing, I also followed https://www.sonicwall.com/support/knowledge-base/how-can-i-import-certificates-into-the-ms-windows-local-machine-certificate-store/170504615105398/ to import the certificate to the Windows local store. I imported it to Current User and then it was found.
Might I be doing anything wrong? Maybe Omnikey isn't supported?
Thanks for this great plugin, but it does not support ECC certificates yet.
Is this possible & any plan?
Hi,
I tried to do the best thing and upload the same certificate to more Yubikeys. But opening the database with the backup key is not working, KeePass says:
Selected certificate can't be used!
Reason: At least on the of the given parameters can't be interpreted correctly.
There are no other messages, details, nothing. I have a Yubikey 5C Nano and a Yubikey 5C NFC. I generated the certificate on the Nano, exported it, then imported it to the NFC model into the same slot. Windows doesn't show any difference between the certificates; when the selector pops up, I can see the same. After typing the PIN, I get access to the certificate but KeePass / the plugin doesn't accept/work with it.
Is it possible to allow multiple smart cards to unlock the database? I'm trying to set this up at work where we have multiple people that access one database, but I can only seem to add just the one smart card.
(Also, just as a side note, this plugin is working perfectly with NHS Identity Service smart cards.)
Hi, thanks for your work on the great plugin. We want to secure the KeePass database with Active Directory certificates. It's all working well. But they are valid for 2 years. What happens when the certificate is expired and did not do anything? THANKS
Hey, I'm currently using this plugin for myself and it works well, thanks! I was wondering whether I could encrypt a KeePass database for multiple keys? So that I could share a database with colleagues and they could all encrypt/decrypt it with their own smart card?
Thank you for this plugin, it does a great job allowing me to only remember my smart card's PIN and not another long passphrase ;)
I have multiple certificates available on the smartcard and in Windows' store; when I choose the right one at the prompt everything goes well, I can unlock the database and use it; and if I lock it I can unlock it later without choosing the cert again.
However, if I close the application, I need to select the correct certificate again at launch. It would be nice if the associated certificate was also remembered between launches.
Windows 10 LTSC 2021 (21H2) x64, Safenet Authentication Client 10.8 R6, Keepass 2.54, SmartCertificateKeyProvider v.2.0.1
If I have several certificates of the same purpose (suggestion, I have several types of certs on the card) on the smartcard, then when using Smart Certificate Key Provider, the Windows Security popup window shows and allows selecting only the latest one.
I have a lot of Secure Email certs on the card, both expired (but usable to decrypt old messages or DBs) and current. I've used one to encrypt the KeePass DB, and only the latest one is shown in the popup after issuing a new certificate, and it's not the certificate used to encrypt the KeePass database.
So if the database was encrypted at some time with a cert of some purpose, then when a new certificate of the same purpose is issued, you lose access to the KeePass database.
And if I invoke the CertUtil -SCInfo command, the popup shows a 'certificate list' dialogue showing all certificates on the smartcard.
See if it can be modified to support TPM-VSCs (documentation: https://download.microsoft.com/download/5/A/B/5ABDDED2-F56E-427D-88C1-411EA0DBFF42/Understanding%20and%20Evaluating%20Virtual%20Smart%20Cards.docx ) in the future
I'm not sure if this project is maintained anymore, but is there any chance of getting it compatible with the latest release?
Hello,
I locked my yubi so I had to reset it.
I exported the cert before that.
After the reset, I reimported the cert but it's impossible to open my database anymore...
Because of a private key problem?
Is there any way to open my database by overriding the key auth?