Keep your passwords safe in Linux with KeePassX
How many passwords do you have to remember? Or how many client passwords do you have to keep hidden away from prying eyes? If you have too many passwords to remember, I always find it best to store those passwords in some form of encrypted tool. Because of the amount of passwords I have to retain I always make sure I have a tool installed on every personal and/work machine I use. One of those tools is KeePassX.
KeePassX is a Linux only (for now) tool that doesn't just store passwords safely, it stores passwords, usernames, urls, attachments, and comments - all in one convenient, safe location. You can sort your entries in groups and even search KeePassX. In this article I will show you how to install and use KeePassX.
Installation
Installing KeePassX is simple. You can follow one of these methods:
- Open up your Add/Remove Software tool
- Search for "keepassx" (no quotes)
- Mark KeePassX for installation
- Click Apply to  install the tool
Or, to install via command line:
- Open up a terminal window.
- su to root (if you are not using a distro with sudo).
- Issue the command yum install keepassx (or sudo apt-get install keepassx).
That's it. The application is now installed. Now you are ready to use.
Usage
The first thing you have to do is open up the tool. You will find it in Applications > Accessories. When the tool opens you will find a very simple main window (see Figure 1).
In order to create a store for sensitive information you must first create a new database. To do this either click the New button (far left on the toolbar) or click File > New Database. When you do this you will be asked to set the master key for the database. You can either set a password or use a key file. If you opt for a key file you can either a GPG key file you already have, or you can use KeePassX to generate one for you.
If you want to use a gpg key file (and not a randomly generated one, you can use gpg like so, to extract a key:
gpg --export -a "USERNAME" > KEY_FILE
Where USERNAME is the name of the gpg user and KEY_FILE is the name of the file you want to generate.
Once you have your database created you can then begin to add groups and entries to it. This is quite simple. If this particular database is going to contain client information you might want to create a new group for clients. If you intend to only use one database to house all of your information you could always create two groups:
- Clients
- Personal
I would take this even further and add sub-groups to the Clients group, one sub-group for each client.
After you have your groups worked out you can then add entries to them. To add an entry all you need to do is click the Key icon or click Entries > Add New Entry. When the new window pops up you just need to enter the necessary information for the entry.
In the password section you can add a password (and even have it masked) or you can even have KeePassX generate a random password for you. To view the password just click the "eye" icon. The passwords generated by KeePassX are really strong (and impossible to memorize).
If you are using your own passwords, KeePassX will indicate to you how strong they are. For example, one password I use for a particular login was only 88 Bit. Maybe it's time for me to change that password? You can also set KeePassX to expire particular passwords...reminding you to change them so you are a safer users.
Once you have completed your entry, click the OK button and the entry will be stored. Complete the entire database and click File > Save Database and, if this is the first time you've saved this database, KeePassX will ask you to name the database file.
Final thoughts
KeePassX has a lot of features you won't find in other tools of a similar function. Install this on all the machines you use, share the database file between them, and enjoy not having to strain your memory to remember all that trusted information.
Advertisement
What sense have encrypting keys database with public gpg key?
Locknote.exe is a simpler alternative. It is a simple Windows executable that runs perfectly through WINE. It is simply an AES-encrypted text editor, looks just like Windows Notepad, except you create and use a password to open the file. This won’t integrate into Firefox, but if you just want a supersimple way to store and retrieve passwords through encryption, this might fit the bill. Just google locknote.exe to find it. It’s freeware. You need to install WINE to use it in linux.
you are all correct about it being available for Mac and Windows. it was 6:30 in the morning when i started this article…that’s the only excuse i have.
my apologies.
Yes, there are alternatives.. like LastPass, the service I’m curently using. It’s very well integrated into my firefox. Anyway, I’m a bit paranoic and have a few doubts about it. That’s why I’d gladly use something as transparent and open-source as KeePassX.
Lastpass is brilliant!
I use it for all my less secure logins. It too is cross-platform and has good import/export facilities. You can securely share logins even, without needing to share the password.
I use Keepass for the most secure sites though so I have full control over the data.
Regards, Julian Knight
Does it integrate well with firefox? I’m talking about recognizing sites and autofilling forms..
nope. the only thing that ACTUALLY WORKED WELL was Roboform for windows. they’ll never port it to linux, but there are other alternatives (just not as good)
Although KeepassX doesn’t integrate well, Keepass itself DOES. In that it is straight-forwards to write a script that drives logins.
It’s not as good as Roboform (paid) perhaps but pretty reasonable anyway,
Regards, Julian Knight
Just a observation…. KeePassX is available for Linux, Windows and MacOS X. Just check http://www.keepassx.org/downloads
Sorry but there are a few mistakes in this article.
Firstly, KeepassX is NOT Linux only, it is Mac and Windows as well.
Secondly, it should be pointed out that KeepassX is a limited version of Keepass.
The most important thing to note about Keepass is its cross-platform support. Although the original application was Windows only, KeepassX is available, as stated, for Windows, Mac and Linux. But there are also ports for MANY platforms including pure Java, Windows Mobile, U3, Android, iPhone & Blackberry.
In addition, v2 of Keepass is built on .NET and should work under MONO as well so is also cross-platform. [From the web site: Windows 98 / 98SE / ME / 2000 / XP / 2003 / Vista / 7, each 32-bit and 64-bit, Mono (Linux, Mac OS X, BSD, …)]
I’ve used it for some years now and rely on it. You can execute secure scripts and pass passwords and ID’s securely to applications (command line) as well as web browsers. Generate secure passwords, attach files, add notes, run portably from USB sticks, …. – I use it’s scripting capability to mount and unmount TrueCrypt volumes that I only occasionally need for example.
Regards, Julian.
one of my most favorite apps for linux. throw the keepassx db file on my dropbox share & enjoy it on all my linux machines. works great!