KeePassXC

software/nk-app2/keepassxc.rst

@@ -2,22 +2,35 @@ KeePassXC
 =========
 .. _keepassxc:
 
-KeePassXC with Nitrokey 3:
+KeePassXC protected with Nitrokey 3:
 
-To use KeePassXC with the Nitokey 3, a challenge-response secret must be added.
-More information about KeePassXC: https://keepassxc.org/
+More information about `KeePassXC  <https://keepassxc.org/>`__:
 
+.. note::
+
+    The protection of a KeePassXC database with a Nitrokey 3
+    is supported since **KeePassXC version 2.7.6**.
+
+.. important::
+
+    * The Nitrokey 3 can be used as the only factor to unlock the KeePassXC database. 
+    * The Nitrokey 3 can be used as a second factor in addition to a passphrase to unlock the KeePassXC database.
 
-1. Generate a HMAC secret with the Nitrokey App 2
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+    .. warning::
+
+       The database can no longer be unlocked if the Nitrokey 3 is lost or unavailable! Thus, you may want to set up a second Nitrokey 3 with the same HMAC secret as a backup device.  
+
+First Step: Generate a HMAC Secret With the Nitrokey App 2
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 1. Open Nitrokey App 2
 2. Select the Nitrokey 3
 3. Select the ``PASSWORDS`` tab
-4. Click on ``+ADD`` to create a new credential
+4. Click on ``ADD`` to create a new credential
 5. Select ``HMAC`` from the algorithm drop-down menu
 
 .. note::
+
     - The credential is automatically named in ``HmacSlot2``.
     - No extra attributes can be saved for the HMAC credential.
     - The HMAC secret must be *exactly 20 bytes* long and in *Base32* format. That is exactly 32 characters.
@@ -27,67 +40,66 @@ More information about KeePassXC: https://keepassxc.org/
    It is also possible to enter your own secret that conforms.
 
 .. important::
+
     * The secret can **only** be seen before saving.
     * If the KeePassXC database is to be used with another Nitrokey 3,
       the challenge-response secret must be copied; 
       this is **only** possible **before saving** the credential.
 
 7. Click on ``SAVE`` to save the credential
 
+First Option: Protect an Existing KeePassXC Database With a Nitrokey 3
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+1. Open KeePassXC 
+2. Open the existing KeePassXC database that is to be protected with a Nitrokey 3.
+3. Select ``Database`` -> ``Database Security...`` from the menu bar
+4. Select ``Security`` on the left side
+5. Click on the ``Add additional protection...`` button in the ``Database Credentials`` tab
+6. Scroll down to ``Challenge-Response``
+   -> Click on ``Add Challenge-Response``
+7. Now if the Nitrokey 3 is plugged in and a HMAC was generated before, Nitrokey 3 should be displayed in the field.
+
+   Click on ``OK`` to to add the Nitrokey 3 to the existing KeePassXC database
 
-2. Creating a KeePassXC database that is connected to a Nitrokey 3
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 .. note::
-    The connection between a KeePassXC database and the Nitrokey 3
-    is supported since **KeePassXC version 2.7.6**.
+
+    * If the Nitrokey 3 is added to ``Add Challenge-Response``, it is the second factor in addition to the passphrase of a two-factor authorization to protect the KeePassXC database.
+    * If the database is only to be protected by the Nitrokey 3, the passphrase on the button ``Remove Password`` can be deleted.
+
+.. tip::
+
+    If the Nirokey 3 is not recognized, close KeePassXC again completely.
+    Before restarting KeePassXC, connect the Nitrokey 3 to the PC.
+
+
 
+Second Option: Creating a KeePassXC Database, protected by Nitrokey 3
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 1. Open KeePassXC 
 2. Select ``Database`` -> ``New Database...`` from the menu bar.
    Or use the keyboard shortcut ``Ctrl+Shift+N`` to create a new KeePassXC database.
 3. Fill in the display name and an optional description for your new database and click on ``Continue``
 4. Further database encryption settings can now be configured here or the default settings can be retained.
-   The settings can also be changed later in the database settings.
+   The settings can also be changed later in the database settings. `More Information <https://keepassxc.org/docs/>`__
 
-   For more information look here: https://keepassxc.org/docs/
-
    Click on ``Continue`` to confirm the settings
 5. **Database Credential**
 
-   Here you can now enter a password to unlock the database.
+   Here you can now enter a password as a second factor to unlock the database.
    To connect the Nitrokey 3 on which the HMAC secret was generated to the new KeePassXC database,
-
    click on ``Add additional protection...``
-
-.. tip::
-    * If the database is only to be unlocked with the help of a Nitrokey 3, the password can simply be left blank.
-    * If a password is also entered, the Nitrokey 3 is the second factor of the two-factor authorization for unlocking the KeePassXC database. 
-
 6. Scroll down to ``Challenge-Response``
    Click on ``Add Challenge-Response``
 7. Now if the Nitrokey 3 is plugged in and a HMAC was generated before, Nitrokey 3 should be displayed in the field.
    Click on ``Continue`` to complete the creation of the new KeePassXC database
 
+.. note::
 
-.. tip::
-    If the Nirokey3 is not recognized, close KeePassXC again completely.
-    Before restarting KeePassXC, connect the Nitrokey 3 to the PC.
-
-
-3. Connection to an existing KeePassXC database that is connected to a Nitrokey 3
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-1. Open KeePassXC 
-2. Open the existing KeePassXC database that is connected to a Nitrokey 3
-3. Select ``Database`` -> ``Database Security...`` from the menu bar
-4. Select ``Security`` on the left side
-5. Click on the ``Add additional protection...`` button in the ``Database Credentials`` tab
-6. Scroll down to ``Challenge-Response``
-   -> Click on ``Add Challenge-Response``
-7. Now if the Nitrokey 3 is plugged in and a HMAC was generated before, Nitrokey 3 should be displayed in the field.
+    * If the database is only to be protected by the Nitrokey 3, the passphrase can simply be left empty.
+    * If a passphrase is also entered, the Nitrokey 3 is the second factor of the two-factor authorization to protect the KeePassXC database.
 
-   Click on ``OK`` to to add the Nirokey3 to the existing KeePassXC database
+.. tip::
 
-.. note::
-    If the Nirokey3 is not recognized, close KeePassXC again completely.
+    If the Nirokey 3 is not recognized, close KeePassXC again completely.
     Before restarting KeePassXC, connect the Nitrokey 3 to the PC.
-