yubikey


Enhancing KeePassXC with YubiKey on Ubuntu: Enabling the Raw-USB Interface

In digital security, combining hardware-based authentication devices like YubiKey with robust password management solutions such as KeePassXC represents a gold standard. YubiKey provides a physical, secure element for two-factor authentication, significantly enhancing security over traditional password-only systems. KeePassXC, a free and open-source password manager, allows users to manage their passwords securely. However, when running KeePassXC as a Snap package on Ubuntu, users may encounter an unexpected hurdle due to Snap’s inherent security and isolation features. This post aims to guide you through enabling your YubiKey hardware to work seamlessly with KeePassXC installed via Snap by manually allowing the raw-usb to interface.

Understanding the Challenge

Snap, a package management and deployment system developed by Canonical, allows for the consistent, secure distribution and installation of applications across different Linux distributions. Snap packages are containerized to ensure isolation from the rest of the system, enhancing security by restricting the application’s access to the host system’s resources and hardware interfaces.

While these isolation features benefit security, they can also impose limitations. Specifically, for KeePassXC users wishing to utilize a YubiKey for added security, Snap’s default restrictions prevent the application from accessing the USB hardware directly. This is where the raw-usb interface comes into play.

The raw-usb Interface

The raw-usb interface in Snap allows a snap-packaged application to communicate with USB hardware directly, bypassing the usual restrictions. By enabling this interface for KeePassXC, the application can interact with your YubiKey, utilizing it for secure two-factor authentication.

Step-by-Step Guide to Enabling the raw-usb Interface

  1. Open Your Terminal: First, access your terminal. You can do this by pressing Ctrl + Alt + T on your keyboard or searching for “Terminal” in your applications menu.
  2. Execute the Command: In the terminal, type the following command:
 sudo snap connect "keepassxc:raw-usb" "core:raw-usb"

This command instructs your system to enable the raw-usb interface specifically for KeePassXC. Here’s a breakdown of the command:

  • sudo: This prefix grants administrative (superuser) permissions for the operation, which is necessary for modifying system-wide settings.
  • snap connect: This is the command to link a Snap package to a specific interface.
  • "keepassxc:raw-usb": Specifies the KeePassXC snap package and the raw-usb interface within it.
  • "core:raw-usb": Refers to the raw-usb interface the core Snap provides, which grants access to USB devices.
  1. Enter Your Password: After entering the command, you’ll be prompted to enter your password. This is the password you use to log in to your Ubuntu account. Since you’re executing a command with sudo, your password is required to confirm that you have the necessary permissions to make system-level changes.
  2. Confirmation: If successful, you won’t see a detailed message; the lack of error messages typically indicates that the operation was successful. You’ve now enabled KeePassXC to access USB devices directly.

Testing the Configuration

After enabling the raw-usb interface, launch KeePassXC and attempt to use your YubiKey as part of your two-factor authentication setup. If everything is configured correctly, KeePassXC should recognize your YubiKey without any issues.

Conclusion

The security of your digital life is paramount in an era where online threats are increasingly sophisticated. By integrating YubiKey with KeePassXC on Ubuntu, you significantly enhance your digital security posture. The process of enabling the raw-usb interface for KeePassXC, while a bit technical, is a small step with significant benefits for your security setup. It exemplifies the balance between security and usability, allowing you to leverage cutting-edge security hardware without compromising on the convenience and ease of use offered by modern Linux distributions and applications.


Compiling the latest version of YubiKey Personalization Tool on Ubuntu 18.04 LTS

Recently, we were got our hands on some YubiKeys, and we decided to use them to create a Two Factor Authentication System (2FA) for the fun of it! We had at our disposal an updated Ubuntu 18.04 LTS so we installed the personalization tools from the official repositories in order to modify the behavior and configure the YubiKeys.

To our disappointment, when we used ykpersonalize and yubikey-personalization-gui we would get an error that the firmware of the YubiKey was unknown…
At the time, the installation packages from the official Ubuntu repositories had version 3.1.24 for the application version and 1.18.0 for the library version.

We noticed that on the YubiKey Personalization Tools page there were newer versions of both the application and the library. Specifically at the time the Application version was 3.1.26 and the Library Version was 1.19.0. Since both were newer than the versions in the repositories we decided to build them and see if they work right with our YubiKeys.

The instructions in the respective installers, were not 100% complete and the installations failed by blindly following them. To actually make the installations work, we installed the following dependencies and tools before compiling:

sudo apt update -y;
sudo apt upgrade -y;
sudo apt install build-essential -y;
sudo apt-get install pkg-config git autoconf libtool asciidoc-base -y;

After installing the above packages the rest of the installation went smoothly.

Installing the command line tools and the library

cd ~; # or any other folder of your choice
sudo apt-get install libykpers-1-dev libyubikey-dev libusb-1.0-0-dev libjson-c-dev -y;
git clone https://github.com/Yubico/yubikey-personalization.git;
cd yubikey-personalization;
autoreconf --install;
./configure;
sudo make check install;

Installing the Qt based Cross-Platform YubiKey Personalization Tool

cd ~; # or any other folder of your choice
sudo apt-get install qt4-qmake libqt4-dev -y;
git clone https://github.com/Yubico/yubikey-personalization-gui.git;
cd yubikey-personalization-gui;
qmake && make;