KeePassXC issues

Continuing the discussion from `copy-username` not working with `pass` anymore?:

I have installed KeePassXC with

(define-configuration buffer
  (
    ;; Emacs key  bindings set in auto-config.lisp.
    ...
    ;; We are using KeePassXC for password management:
    (password-interface (make-instance 'password:keepassxc-interface))
    )
  )

and with

(define-configuration password:keepassxc-interface
  ((password:password-file "/home/ko/personal/Passwords.kdbx")))

in my init.lisp.

  1. As I mentioned in the thread referenced above, when I visit a site and I execute copy-username, as @aartaka explained, first Nyxt prompts me for the location of the password file. Shouldn’t it know that? I’ve already set it above.
  2. Is it possible to avoid having to type the password needed by KeePassXC to open the password file?

Thanks.

Hi again!

For your first question, I don’t know and don’t have the time to test myself right now.
When you’re launching nyxt in a terminal, does it output any warning or errors about your configuration file?
If it doesn’t, well, someone will have to come up with a better answer than that :sweat_smile:

As for your second question, KeePassXC saves all of your passwords in an encrypted file (the database), which you can unlock by giving your main password.
To bypass the burden of having to type your main password each time, password managers usually come with the option of asking your main password once to keep it in memory for either a given period of time or for the duration of your session.
Such handling of in-memory passwords is usually managed by an agent (pass uses gpg-agent for instance).
Sadly, I think this issue on the KeePassXC side seems to indicate that it doesn’t have such a feature as of now.

As for the terminology used in the prompt, what about Database file, Main password and either Copy username or Copy password?

My answer is quite likely to provoke further questions, but still: change password:keepassxc-interface to password:user-keepassxc-interface and it should work fine.

Why?

  • The short answer is that you’re configuring the password:keepassxc-interface and this configuration is saved as password:user-keepassxc-interface, not the original class. So you have to use the configured one to enforce your configuration.
  • The long answer I am not ready to give, as

For your first question, I don’t know and don’t have the time to test myself right now.
When you’re launching nyxt in a terminal, does it output any warning or errors about your configuration file?

No errors, but I think @aartaka answers this question below.

As for your second question, KeePassXC saves all of your passwords in an encrypted file (the database), which you can unlock by giving your main password.
To bypass the burden of having to type your main password each time, password managers usually come with the option of asking your main password once to keep it in memory for either a given period of time or for the duration of your session.
Such handling of in-memory passwords is usually managed by an agent (pass uses gpg-agent for instance).
Sadly, I think this issue on the KeePassXC side seems to indicate that it doesn’t have such a feature as of now.

I’m not averse to switching to pass if it handles this issue better. Does it?

As for the terminology used in the prompt, what about Database file, Main password and either Copy username or Copy password?

Yes, something along these lines would be good.
Thanks for your help.

Ah, thanks.
As for the long answer, I understand it’s Saturday, and everybody, including brains, needs sleep.
I will likely wait for the fix to the configuration issue.
Thanks very much.

Hope everyone had a great WE :slightly_smiling_face:

I’m not averse to switching to pass if it handles this issue better. Does it?

At least it handles it differently and I never had any problem with it.
But I may be biased because I have used it for several years.

At least here are the main points that could make it a bad idea to switch:

  • pass is mainly a CLI-oriented program (at least, its original implementation. There are many third-party GUIs)
  • It’s a bit less secure by default than KeePassXC as it uses the filesystem as a database and ~/.password-store leaks the entries (not their contents! - but there are extensions to prevent that)
  • The main implementation is a bash script. I don’t think Nyxt relies on it but I guess it’s noteworthy.
  • You need to generate a GPG key and maintain it to use pass.
  • You may need to use git to synchronize between multiple hosts.

I think all these points are actually great selling points, but if you’re not in the right mindset, I’m afraid the user experience might come as a surprise.
KeePassXC is more user-friendly in that it does a lot for you. pass requires you to explicitly manage a GPG identity, and relies much more on third-party tools for most advanced use cases.

With all that’s said, if you’re still willing to try it, here’s what you need to get started:

  • The main page will help you quickly set up pass and describes how to use it.
  • You may have a look at this to import your keepassxc database automagically. This will also nicely describe how to install and use extensions to pass.
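
The point above about ~/.password-store leaking entry names, as an added example (not part of the original post and not code from pass or Nyxt): the script builds a constructed throwaway store and reports what is readable without any GPG key, plus any paths other local users can access. The function names and sample entries are made up for illustration.

```shell
#!/bin/sh
# Added example: what a pass-style store reveals to anyone who can read the
# directory (no GPG key needed). All paths and entry names are constructed.

# Build a throwaway store laid out like ~/.password-store: one file per entry,
# named <entry>.gpg. The file bodies are dummy bytes, not real ciphertext.
make_demo_store() {
    store=$(mktemp -d) || return 1
    mkdir -p "$store/web/bank.example" "$store/mail"
    for entry in web/bank.example/alice mail/work-account; do
        printf 'dummy-ciphertext\n' > "$store/$entry.gpg"
    done
    chmod -R go-rwx "$store"                    # owner-only everywhere
    chmod 644 "$store/mail/work-account.gpg"    # one deliberately loose file
    printf '%s\n' "$store"
}

# Entry names are the relative paths minus ".gpg": visible without decrypting.
list_entry_names() {
    ( cd "$1" && find . -type f -name '*.gpg' ) |
        sed -e 's|^\./||' -e 's|\.gpg$||' | LC_ALL=C sort
}

# Paths in the store that group or other users can read, write or traverse.
loose_paths() {
    ( cd "$1" && find . ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print ) |
        sed -e 's|^\./||' | LC_ALL=C sort
}

demo() {
    store=$(make_demo_store) || return 1
    echo "Entry names visible without a key:"
    list_entry_names "$store"
    echo "Paths accessible to other local users:"
    loose_paths "$store"
    rm -rf "$store"
}

demo
```

Pointing `list_entry_names` and `loose_paths` at a real store directory shows the same metadata that a backup or a git remote of that store would carry.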

After a lot of experimentation and trial-and-error, I’m still having problems with this, so please bear with me.

I now have in my auto-config.lisp

(define-configuration buffer
  (
    (default-modes (append '(nyxt::emacs-mode) %slot-default%))
    (password-interface (make-instance 'password:user-keepassxc-interface))
    )
  )

(define-configuration password:user-keepassxc-interface
  ((password:password-file "/home/ko/personal/Passwords.kdbx")))

And no other password-related stuff in init.lisp.
Still, when I visit a new web page and try copy-username, I am asked for the location of the password file.

The only suspicious thing I see is that when I start nyxt, there seems to be a problem with line 8 of auto-config.lisp:


[ko@wiley ~/build/nyxt]$ nyxt
<INFO> [19:16:25] Listening to socket #P"/var/run/user/1001/nyxt/nyxt.socket".
Nyxt version 2.1.1-1933-gb8349d4e
<INFO> [19:16:25] Loading Lisp file #P"/usr/home/ko/.config/nyxt/auto-config.lisp".
While evaluating the form starting at line 8, column 0
  of <INFO> [19:16:25] Loading Lisp file #P"/usr/home/ko/.config/nyxt/init.lisp".
<INFO> [19:16:25] GTK extensions directory: #P"/usr/home/ko/build/nyxt/libraries/web-extensions/"
<INFO> [19:16:25] Loading #P"/usr/home/ko/.local/share/nyxt/history/default.lisp".
#P"/usr/home/ko/.config/nyxt/auto-config.lisp":
WARNING: Key was bound to REMOVE-SEARCH-HINTS
WARNING: Key was bound to SEARCH-BUFFER
WARNING: Key was bound to #<KEYMAP {100E67ACA3}>
The WebExtensions support library is loaded
The WebExtensions support library is loaded
The WebExtensions support library is loaded
<INFO> [19:16:35] GTK extensions directory: #P"/usr/home/ko/build/nyxt/libraries/web-extensions/"
WARNING: Key was bound to REMOVE-SEARCH-HINTS
WARNING: Key was bound to SEARCH-BUFFER
WARNING: Key was bound to #<KEYMAP {1009D6D3C3}>
...

Thanks for all the helpful info.

I installed password-store (that’s what it’s called in FreeBSD), but got stuck trying to import a .csv file with my saved passwords.
After some effort (I installed the pass-import extension etc.) I gave up and reverted to keepassxc, where the import works easily.
Also see my latest reply to @aartaka here.

Try doing (define-configuration password:keepassxc-interface ...) instead of configuring password:user-keepassxc-interface. The user- classes are the place to store the configuration of the configurable classes; they are not to be configured directly.

Ah, at last it works, thanks very much.

One more question: I can fill in usernames and passwords using C-c u and C-c p.
However, these operations are very slow, each one takes at least 5 seconds.
I know that nyxt runs keepassxc-cli as an external command.
How can I see exactly what it runs so I can debug it?

Oh, sorry, this question slipped out of my inbox :frowning:

To see what code password commands run, see nyxt/password-keepassxc.lisp at master · atlas-engineer/nyxt · GitHub