Keepass with webdav on ubuntu

From HeepyWiki

Packages

Don't use the regular packages unless they have KeePass version > 2.20; earlier versions can't cut/paste on Linux at all. Instead, install from jtaylor's PPA, and get xsel and xdotool as well, which KeePass uses to try to sort of cut/paste on Linux.

apt-add-repository ppa:jtaylor/keepass
apt-get update
apt-get install keepass2
apt-get install xsel xdotool

For convenience, you can create a global hotkey to run /usr/bin/keepass2 --auto-type so that it can try to type your name/pw into websites automatically.

SSL certificate validation

If you need to use a WebDAV/HTTPS source for the database, and it uses a CA that's not trusted by default, you also need "certmgr" from the mono-devel package, because Mono ignores the OS's normal CA certificate bundle and uses its own instead.

Get the cert for the CA that signed your server cert, then run:

certmgr -add -c Trust yourCAcert.crt

Without this, any attempt to access an SSL-protected resource (e.g., WebDAV) fails with an unhelpful error message that doesn't tell you anything about what went wrong. With the CA trusted, when you start keepass2 you can use Open from URL/Save to URL to access your encrypted key db.
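Anything added to Mono's Trust store can vouch for any HTTPS server KeePass talks to, so it is worth checking the file before running certmgr. The following is an added example, not part of the original page: it assumes the openssl command-line tool is installed, that the certificate is PEM-encoded, and that you obtained the CA's SHA-256 fingerprint out-of-band; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a CA certificate before trusting it in Mono.

# Print the SHA-256 fingerprint of a PEM certificate as bare uppercase hex.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'a-f' 'A-F'
}

# check_ca_cert FILE EXPECTED_FP
# Returns 0 only if FILE parses as a certificate, matches the fingerprint
# obtained out-of-band, is marked as a CA, and has not expired.
check_ca_cert() {
    local file="$1"
    local expected
    local actual
    expected=$(printf '%s' "$2" | tr -d ': \n' | tr 'a-f' 'A-F')
    actual=$(cert_fingerprint "$file")
    if [ -z "$actual" ]; then
        echo "not a readable PEM certificate: $file" >&2; return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: got $actual" >&2; return 3
    fi
    # basicConstraints is printed on its own indented line in the text dump.
    if ! openssl x509 -in "$file" -noout -text | grep -Eq '^[[:space:]]+CA:TRUE'; then
        echo "certificate is not marked as a CA" >&2; return 4
    fi
    if ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired" >&2; return 5
    fi
    return 0
}

# Run the page's certmgr command only when every check passes.
trust_ca_cert() {
    check_ca_cert "$1" "$2" && certmgr -add -c Trust "$1"
}

# Usage: ./trust-ca.sh yourCAcert.crt 'AB:CD:...'
if [ "$#" -eq 2 ]; then
    trust_ca_cert "$1" "$2"
fi
```
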

Cut and Paste

Cut and paste doesn't really work right, but it works enough to be sort of usable. Most normal X apps on Linux use the X PRIMARY selection buffer by default. This is the buffer you copy into by simply selecting text, and paste out of typically by using the middle mouse button. Keepass2, even with xsel installed, uses the CLIPBOARD selection instead. This is the buffer you copy into typically using right-click->Copy in apps that support it, and paste out of using right-click->Paste. This generally works OK with things like browsers, but isn't accessible everywhere; for instance, you can't use it in xterm. The X PRIMARY selection works everywhere, and it might be worthwhile to modify keepass2 to use it on Linux.

As a workaround, after copying a selection within keepass2, you can open a terminal window and run "xsel -b" which will dump the contents of the CLIPBOARD buffer to the terminal; then you can select it and it will be in the PRIMARY selection, from which you can paste it anywhere. Not great, but at least usable.

Simultaneous access

Keepass2 tries to avoid having multiple instances overwrite the database, but it's pure lunacy to expect lockfile-based locking to work safely over WebDAV, so really it is safest to avoid having more than one copy running anywhere at a given time, and certainly never to save the db to WebDAV unless you are sure there are no other copies running. This is a pretty significant hit to usability, but without a dedicated db service, it's the best you get. You might be able to get some degree of recoverability by using a WebDAV server like ownCloud which keeps historical versions of files (or claims to -- I haven't verified that it really does so usefully).