KeePassXC issues

Continuing the discussion from `copy-username` not working with `pass` anymore?:

I have installed KeepPassXC with

(define-configuration buffer
  (
    ;; Emacs key  bindings set in auto-config.lisp.
    ...
    ;; We are using KeePassXC for password management:
    (password-interface (make-instance 'password:keepassxc-interface))
    )
  )

and with

(define-configuration password:keepassxc-interface
  ((password:password-file "/home/ko/personal/Passwords.kdbx")))

in my init.lisp.

  1. As I mentioned in the thread referenced above, when I visit a site and I execute copy-username, as @aartaka explained, first Nyxt prompts me for the location of the password file. Shouldn’t it know that? I’ve already set it above.
  2. Is it possible to avoid having to type the password needed by KeePassXC to open the password file?

Thanks.

Hi again!

For your first question, I don’t know and don’t have the time to test myself right now.
When you’re launching nyxt in a terminal, does it output any warning or errors about your configuration file?
If it doesn’t, well, someone will have to come with a better answer than that :sweat_smile:

As for your second question, KeepassXC saves all of your passwords in an encrypted file (the database), which you can unlock by giving your main password.
To bypass the burden of having to type your main password each times, password managers usually comes with the option of asking your main password once to keep it in memory for either a given period of time or for the duration of your session.
Such handling of in-memory passwords are usually managed by an agent (pass uses gpg-agent for instance).
Sadly, I think this issue on the KeepassXC side seems to indicate that it doesn’t have such feature as of now.

As for the terminology used in the prompt, what about Database file, Main password and either Copy userame or Copy password?

My answer is quite likely to provoke further questions, but still: change password:keepassxc-interface to password:user-keepassxc-interface and it should work fine.

Why?

  • The short answer is that you’re configuring the password:keepassxc-interface and this configuration is saved as password:user-keepassxc-interface, not the original class. So you have to use the configured one to enforce your configuration.
  • The long answer I am not ready to give, as

For your first question, I don’t know and don’t have the time to test myself right now.
When you’re launching nyxt in a terminal, does it output any warning or errors about your configuration file?

No errors, but I think @aartaka answers this question below.

As for your second question, KeepassXC saves all of your passwords in an encrypted file (the database), which you can unlock by giving your main password.
To bypass the burden of having to type your main password each times, password managers usually comes with the option of asking your main password once to keep it in memory for either a given period of time or for the duration of your session.
Such handling of in-memory passwords are usually managed by an agent (pass uses gpg-agent for instance).
Sadly, I think this issue on the KeepassXC side seems to indicate that it doesn’t have such feature as of now.

I’m not averse to switching to pass if it handles this issue better. Does it?

As for the terminology used in the prompt, what about Database file, Main password and either Copy userame or Copy password?

Yes, something along these lines would be good.
Thanks for your help.

Ah, thanks.
As for the long answer, I understand it’s Saturday, and everybody, including brains, needs sleep.
I will likely wait for the fix to the configuration issue.
Thanks very much.

Hope everyone had a great WE :slightly_smiling_face:

I’m not averse to switching to pass if it handles this issue better. Does it?

At least it handles it differently and I never had any problem with it.
But I may be biased because I use it since several years.

At least here’s the main point that could makes it a bad idea to switch:

  • pass is mainly a CLI-oriented program (at least, its original implementation. There are many third-party GUIs)
  • It’s a bit less secure by default than KeepassXC as it uses the filesystem as a database and ~/.password-store leaks the entries (not their contents! - but there are extensions to prevent that)
  • The main implementation is a bash script. I don’t think Nyt relies on it but I guess it’s noteworthy.
  • You need to generate a GPG key and maintain it to use pass.
  • You may need to use git to synchronize between multiple hosts.

I think all these points are actually great selling points, but if you’re not in the right mindset, I’m afraid the user experience might comes as a surprise.
KeepassXC is more user-friendly in that it does a lot for you. pass requires you to explicitely manage a GPG identity, and relies much more on third-party tools for most advanced usecases.

With all that’s said, if you’re still willing to try it, here’s what you need to get started:

  • The main page will help you quickly setup pass and describe how to use it.
  • You may have a look at this to import your keepassxc database automagically This will also nicely describe how to install and use extensions to pass.

After a lot of experimentation and trial-and-error, I’m still having problems with this, so please bear with me.

I now have in my auto-config.lisp

(define-configuration buffer
  (
    (default-modes (append '(nyxt::emacs-mode) %slot-default%))
    (password-interface (make-instance 'password:user-keepassxc-interface))
    )
  )

(define-configuration password:user-keepassxc-interface
  ((password:password-file "/home/ko/personal/Passwords.kdbx")))

And no other password-related stuff in init.lisp.
Still, when I visit a new web page and try copy-username, I am asked for the location of the password file.

The only suspicious thingI see is that when I start nyxt, there seems to be a problem with line 8 of auto-config.lisp:


[ko@wiley ~/build/nyxt]$ nyxt
<INFO> [19:16:25] Listening to socket #P"/var/run/user/1001/nyxt/nyxt.socket".
Nyxt version 2.1.1-1933-gb8349d4e
<INFO> [19:16:25] Loading Lisp file #P"/usr/home/ko/.config/nyxt/auto-config.lisp".
While evaluating the form starting at line 8, column 0
  of <INFO> [19:16:25] Loading Lisp file #P"/usr/home/ko/.config/nyxt/init.lisp".
<INFO> [19:16:25] GTK extensions directory: #P"/usr/home/ko/build/nyxt/libraries/web-extensions/"
<INFO> [19:16:25] Loading #P"/usr/home/ko/.local/share/nyxt/history/default.lisp".
#P"/usr/home/ko/.config/nyxt/auto-config.lisp":
WARNING: Key was bound to REMOVE-SEARCH-HINTS
WARNING: Key was bound to SEARCH-BUFFER
WARNING: Key was bound to #<KEYMAP {100E67ACA3}>
The WebExtensions support library is loaded
The WebExtensions support library is loaded
The WebExtensions support library is loaded
<INFO> [19:16:35] GTK extensions directory: #P"/usr/home/ko/build/nyxt/libraries/web-extensions/"
WARNING: Key was bound to REMOVE-SEARCH-HINTS
WARNING: Key was bound to SEARCH-BUFFER
WARNING: Key was bound to #<KEYMAP {1009D6D3C3}>
...

Thanks for all the helpful info.

I installed password-store (that’s what it’s called in FreeBSD), but got stuck trying to import a .csv file with my saved passwords.
After some effort (I installed the pass-import extension etc.) I gave up and reverted to keepassxc, where the import works easily.
Also see my latest reply to @aartaka here.

Try doing (define-configuration password:keepassxc-interface ...) instead of configuring password:user-keepassxc-interface. The user- classes are the place to store the configuration of the configurable classes, they are not to be configured directly.

Ah, at last it works, thanks very much.

One more question: I can fill in usernames and passwords using C-c u and C-c p.
However, these operations are very slow, each one takes at least 5 seconds.
I know that nyxt runs keepassxc-cli as an external command.
How can I see exactly what it runs so I can debug it?

Oh, sorry, this question slipped out of my inbox :frowning:

To see what code password commands run, see nyxt/password-keepassxc.lisp at master · atlas-engineer/nyxt · GitHub

Hello. Reviving this thread because it seems appropriate one to seek help for keepassxc usage in Nyxt.
I am using Guix system and seeking to make a transition to using Nyxt as my primary browser. I want help in specifying a keyfile option for keepassxc-cli since I use a keyfile in addition to the password to secure my keepassxc database. I am a rookie with regards to commonlisp coding, so can’t experiment much. But after browsing the source code, it appears that keepassxc-interface does not a field to support keyfile

Indeed @milindkamble, KeePassXC interface didn’t have support for keyfiles. But now it does: libraries/password-manager/password-keepassxc: Add key file support. · atlas-engineer/nyxt@5be9ee6 · GitHub. You can try building from master to try this keyfile support out.

Thank you @aartaka for promptly providing the enhancement. I read the build-scripts/nyxt.scm and could successfully build to the latest commit on master branch. The key file option works now and I am able to open the keepassxc database.
However, clipboard is not working. Calling copy-username and copy-password functions displays the message that the item was copied to clipboard, but then C-y to yank the item in an input form field.
Any guidance about clipboard usage will be highly appreciated. I am reading the password.lisp file to see if there are different classes of clipboards. But it doesn’t seem that way.

I figured it out. Turns out I did not have xclip(or alternatives installed). Trail of discovery was: nyxt keepassxc-interface executes “keepassxc-cli clip …” in methods clip-password and clip-username. When I ran the command in the shell, keepassxc-cli notified that it could not find anysuitable “clipping program”. Looked into keepassxc source code and found it tries several programs such as wl-copy (if running wayland), xclip (if plain old X server) and pbcopy (if MacOS). Installed xclip on my system and I can paste after copy-username and copy-password

Glad to hear that! Note that xclip (or alternatives) is also used with some Nyxt-internal functionality too, so one has to install it for Nyxt to work properly anyway :slight_smile:

Hello, was over reading this conversation and I am having issues pasting my password using pass, login seems to work but it never gets the password right I have to get it from gopass(pass compatible) manually on the command line, and I notice @aartaka mentions nyxt uses xclip or alternatives wondering if it uses wl-clipboard 2.0 — xclip for Wayland, and most people now a days we use wayland does nyxt supports wl-clippboard 2.x? cheers

Well, if login goes fine, then password should copy/paste fine too! Does it paste at least something?

I have a vague feeling that some of the pass output may be misread by Nyxt. Can you try and see which kind of characters break? Does it cut out the last part of the password? Does it corrupt it somewhere in the middle? What makes it unusable?

Now, answering your question directly: yes, Nyxt on Wayland should use wl-clipboard!

With keepassxc I am not facing any issues copying either username or passwords.

Going beyond that, I now see that the master password needs to be entered many times either after going through a suspend-wake cycle of the laptop or after some intrinsic time out. I have looked into the code, but there doesn’t seem to be anything that resets/clears the master password after some parametrized delay. I also tried to config the string value of master password - I know that is clearly a dumb thing to keep clear text password in the config file. But it is just an experiment to see if there is a way to avoid entering the password. Eventually i plan to write a helper function to read the password from an encrypted file using a ‘gpg -d’ subprocess output - which should work automatically because gpg-agent will be already running.

My $HOME/.config/nyxt/auto-config.3.lisp file contains the following
(defmethod customize-instance ((input-buffer input-buffer) &key)
(disable-modes* 'nyxt/vi-mode:vi-normal-mode input-buffer)
(enable-modes* 'nyxt/emacs-mode:emacs-mode input-buffer))
(defmethod customize-instance
(
(nyxt/password-mode::keepassxc-interface
nyxt/password-mode::keepassxc-interface)
&key)
(setf (slot-value nyxt/password-mode::keepassxc-interface
'password:sleep-timer)
150)
(setf (slot-value nyxt/password-mode::keepassxc-interface
'password:master-password)
“OBFUSCATED”))

The point for the moment is that setting the master password through the config file does not work. I am still prompted for password when I execute copy-password command.
I’ll appreciate if someone can guide me for the following:

  1. How to have nyxt remember the master password after it is entered the first time, ie it does not magically expire
  2. How do I reach to the nyxt/password::keepassxc-interface object from the nyxt repl for a given buffer? If I type in (find-symbol “KEEPASSXC-INTERFACE” “NYXT/PASSWORD-MODE”) I do get something like
    v7922.0 = nyxt/password-mode::keepassxc-interface
    v7922.1 = :internal
    so the pacakgename and variable name is good, but if I type

nyxt/password:: keepassxc-interface in a cell in the repl buffer, I get an unbound variable error

  1. Being a beginner in common-lisp w.r.t. concepts of CLOS, object introspection and nyxt data structures itself, my understanding so far is that the keepassxc-interface might be buffer local object in every buffer. If so what do I need to type in the REPL to find out the master-password slot value of the keepassxc-interfaceobject of any given buffer.

TIA