KeePass Integration

F

freynder

Member
As of v0.11.0, Darkcoin Core client offers KeePass integration. This guide will show you how to configure the association between Darkcoin and KeePass and how to save a Darkcoin wallet passphrase entry in KeePass through the integration. When this is done, KeePass can be used to unlock the wallet.

There is also a video (no sound) of this available here:

You will need the following:

The following keepass RPC commands are available in the Darkcoin client console or server:
  • keepass genkey: Generates a base64 encoded 256 bit AES key that can be used for the communication with KeePassHttp. This is only necessary for manual configuration. Use init for automatic configuration.
  • keepass init: Sets up the association between Darkcoin and KeePass by generating an AES key and sending an association message to KeePassHttp. This will trigger KeePass to ask for an Id for the association. Returns the association and the base64 encoded string for the AES key.
  • keepass setpassphrase : Updates the passphrase in KeePassHttp to a new value. This should match the passphrase you intend to use for the wallet. Please note that the standard RPC commands walletpassphrasechange and the wallet encrption from the QT GUI already send the updates to KeePassHttp, so this is only necessary for manual manipulation of the password.
The following new options are available for darkcoind and darkcoin-qt:
Code: 
-keepass               Use KeePass 2 integration using KeePassHttp plugin (default: 0)
-keepassport=<port>    Connect to KeePassHttp on port <port> (default: 19455)
-keepasskey=<key>      KeePassHttp key for AES encrypted communication with KeePass
-keepassid=<name>      KeePassHttp id for the established association
-keepassname=<name>    Name to construct url for KeePass entry that stores the wallet passphrase

keepass option is not necessary during configuration, but is necessary to retrieve the password from keepass.

Example scenario:
  • Existing encrypted wallet
  • current wallet passphrase: 1BWi2OXyk76uWumxJQy4
Step 1: Configure the association
  • Start KeePass2
  • Open existing database or create a new one:
  • Start the darkcoin-qt client
  • Open console: Help -> Debug Window -> Console:
  • Type: keepass init
  • KeePass will ask for a "Key name" for the association. Choose a relevant name, e.g.: testwalletassociation
  • Return to the darkcoin-qt console. The console will show the new key:
  • Edit your darkcoin.conf file with the information provided. You may freely choose a value for keepassname. This will be used to name the entry for the wallet passphrase in KeePass.
    Code: 
    keepass=1
keepasskey=MSb+JLygqz7ZH40SyJ1QR62iOOIXoa3tmT8SMGGI2K0=
keepassid=testwalletassociation
keepassname=testwallet
  • Close the darkcoin-qt client
Step 2: Setup wallet passphrase entry in the KeePass database

  • Make sure KeePass2 is running
  • Start the darkcoin-qt client
  • Open console: Help -> Debug Window -> Console:
  • Type: keepass setpassphrase <passphrase> (replace <passphrase> with your actual wallet passphrase):
  • A new entry should appear in KeePass with the name you specified in the keepassname configuration variable:
  • Save the KeePass2 database
At this point the configuration is complete. You set up the association and stored the wallet passphrase in KeePass2.

You can now use KeePass to manage and provide your wallet passphrase. To do this, simply use "keepass" (without the quotes) as passphrase when needed. The integration is active in the GUI (Unlock Wallet, Change Passphrase) as well as the RPC commands (walletpassphrase, walletpassphrasechange, masternode).

Small example for unlocking the wallet from the console:
 
Last edited by a moderator:
Hi
I understand that my keepass has to be running while using this and the workspace cannot be locked?
I use keepass everyday, it's like the tool I would not be able to live without :) I just do ctrl+c in keepass and ctrl+v in wallet console when I need to use the password.
Does this not weaken my security anyhow?
 
jpr said:
Hi
I understand that my keepass has to be running while using this and the workspace cannot be locked?
I use keepass everyday, it's like the tool I would not be able to live without :) I just do ctrl+c in keepass and ctrl+v in wallet console when I need to use the password.
Does this not weaken my security anyhow?
Click to expand...

Hi. The workspace can be locked if you like, KeePassHttp will ask to unlock it when it needs to retrieve the passphrase.
I definitely agree on how essential KeePass is :)
I don't think it necessarily weakens security. It basically replaces the copy paste mechanism you currently use with a direct communication. The communication is encrypted as opposed to the clipboard buffer which could be monitored if your computer would be compromised. Also, no more need to type the password in plain text in the console which could be monitored by a trojan as well.
 
Well done !
This above is amazing,
i am using keepass every day and love it !
to have them integrated into DRK Wallets is really good !

the video is great, but sure sound would definitely help !
onetime yidakee
any chance ether of you could look into a voiceover here ??
Guides and everything is available !
:wink:
 
As others here, I could not live without Keepass, so I will definitely try this. Thanks for the guide, it is super useful. I agree with tungfa about the voiceover. Talking while doing sometimes feels weird and not all us have clear voices (I know I don't!), but there are a few guys around who could do great with it.
 
Hey freynder very cool! So let's say I want to change the passphrase after this is associated. I would just edit the entry in keepass and change the passphrase through the debug window or console of the daemon?
 
Hi Propulsion,
When you change the passphrase in the darkcoin client, and keepass integration is activated, it will try to automically update the entry in KeePass through the integration. The video shows this at the end using the console but it should work from the GUI as well. No information should be lost as KeePass will ask confirmation to update the passphrase and also keeps a history of the account.
If for some reason, the update did not happen, you can always set it yourself by manually updating KeePass as you indicated, or by using the "keepass setpassphrase" command.
 
You must log in or register to reply here.
Back
Top