On Wednesday, 8 August 2018 13:34:14 UTC-4, Arnulf Maria Bultmann wrote: > Hello, > I use my yubikey besides other things as a password safe. under windows there > is no problem to use the yubikey to type in the password into keepass. > Now I want to use the yubikey for thesame procedure under qubes 4.0. > I use a security-vm for keepass and connect the yubikey from sys-usb to > security-vm. It's no problem to use the personalization gui. but how can I > use the yubikey in this vm as a kind of usb-keyboard to put the stored > password into keepass or for example an editor? > thanks in advance for your help > Arnulf
I don't think USB keyboards attach to AppVMs normally. They attach to dom0, and use the qubes-gui windows manager to type and control mouse movement and clicks. So if you were to attach it to an AppVM.. I am not sure it could even type into the session you are viewing. Keyboards and mice have to attach to dom0 in order for it to interact with the windows it renders. Have you considered using Chal/Resp instead of static password? It is way more secure since you are not using one password for everything... and the secret never gets send across USB. Keepass works with Challenge / Response, and even works with LUKS encryption of Qubes OS. KeeChallenge and OtpKeyProv plugin for Keepass running on mono in a debian AppVM. Then you can attach the Yubikey to that vm, and Challenge Response with something you know.. opens the vault. http://richardbenjaminrush.com/keechallenge/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/225ee7fe-639a-4099-b307-ff4a2718d73a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.