Installing KeePass in Fedora 36/37

Since several months there is no official KeePass package in Fedora repositories. There are some alternatives which also use the KeePass file format but they miss the synchronize database functionality.

Are there chances that KeePass will come back into Fedora?

What is the best way to install the current KeePass (2.52) on the current Fedora versions (36 or 37)?

This is a Windows-only tool, not intended to natively run on Linux. See the download section: Downloads - KeePass

The developers state that it should work within wine (wine is in Fedora’s repo). So, you could install wine on Fedora and use KeePass within that.

However, I am not sure if all security guarantees can be transferred to this approach, and it adds attack vectors. Also, there is always a slight risk that Windows executables break after an update or so (update of the tool, or of wine). And automated updates of the tool could also be undermined.

I would try to find an alternative that is developed for Linux. In the repos you have many password managers. KeePassX and KeePassXC seem related to KeePass. Or test other alternatives: maybe there are more supporting your preferred format in the way you want it. Maybe you can start with checking this list: dnf search password | grep manager

Supplement: on winehq, you can find tests of Windows applications within wine, see WineHQ - Search Results for keepass → this approach seems to be not very common. I would not rely on it.

You may also want to follow this bug, 2052696 – (CVE-2022-0725) CVE-2022-0725 keepass: logs plain text passwords in system log when clearing the clipboard

This is indeed unintended. From our side, the problem is CLOSED CANTFIX. One of the project’s team states in the cross-linked project discussion the tool is intended for Windows only, assuming the issue comes from using the tool on Linux through mono for which it was not developed/tested. He notes KeeWeb and KeePassXC as native alternatives for Linux (I have no experience with both). My suggestion remains to not use KeePass on Linux… You also cannot exclude this issue (and comparable issues) when using Wine.

I am wondering that the project abstract still states “easy-to-use password manager for Windows, Linux and Mac OS X”

dnf info keepassxc
Last metadata expiration check: 1:38:13 ago on sáb 15 out 2022 08:45:12.
Installed Packages
Name         : keepassxc
Version      : 2.7.1
Release      : 12.fc36
Architecture : x86_64
Size         : 29 M
Source       : keepassxc-2.7.1-12.fc36.src.rpm
Repository   : @System
From repo    : updates
Summary      : Cross-platform password manager
URL          : http://www.keepassxc.org/
License      : Boost and BSD and CC0 and GPLv3 and LGPLv2 and LGPLv2+ and LGPLv3+ and Public Domain
Description  : KeePassXC is a community fork of KeePassX
             : KeePassXC is an application for people with extremely high demands on secure
             : personal data management.
             : KeePassXC saves many different information e.g. user names, passwords, urls,
             : attachemts and comments in one single database. For a better management
             : user-defined titles and icons can be specified for each single entry.
             : Furthermore the entries are sorted in groups, which are customizable as well.
             : The integrated search function allows to search in a single group or the
             : complete database.
             : KeePassXC offers a little utility for secure password generation. The password
             : generator is very customizable, fast and easy to use. Especially someone who
             : generates passwords frequently will appreciate this feature.
             : The complete database is always encrypted either with AES (alias Rijndael) or
             : Twofish encryption algorithm using a 256 bit key. Therefore the saved
             : information can be considered as quite safe.

I do work with it …

P.S.
With rsync you can sync your database wherever you want.
Where and how does KeePass sync the db file?

1 Like

Thanks for so many replies - I was not aware of the issue with KeePass logging plain text passwords in system log on Linux when clearing the clipboard. It is scary, especially for a program meant to protect your passwords.

With KeePass sync you don’t have to overwrite your *.kbdx file anymore. You just synchronize the entries which changed. For example you can have the same file with your passwords, copy it into multiple computers, add some entries on computer 1 and computer 2, than open keepass and synchronize those two files - it combines the changes.

KeePassXC (and other alternatives) doesn’t have this functionality at all and you have to work on file level. So if you use the same password file on multiple computers locally, you have to always know which password file version is the newest and add entries only to that file. Later you have to overwrite all other versions of this file. This is a mess.

It looks like this: Keepass Synchronization Feature - YouTube

This missing sync feature is the reason why the original KeePass is/was so popular on GNU/Linux. Even on Reddit people are asking for this feature to be added to Linux alternatives to this program (including KeePassXC).

In KeePassXC there is Merge Database functionality bu when using you “end up with a lot of doubles which you had to get rid of by hand” as someone stated on Reddit.

You can Use this, it is gtk client Flathub—An app store and build service for Linux or keepassxc is good option well maintained and mostuse keepass client.

I use the KeePassXC but as said it doesn´t have the database sync functionality I am used to from KeePass. :slight_smile:
Thank you for the hint with GNOME Secrets - it would be nice to have something native in GNOME. I’ve tried it just a moment ago (installed with dnf) but it crashes with “uncaught AssertionError exception” when opening kdbx files - perhaps in the coming Fedora release it will be fixed.

Dnf have not released the newest one use flatpak instead i highly recommend.

KeePassXC has the ability to share and sync a group of entries with external database file:
https://keepassxc.org/docs/KeePassXC_UserGuide.html#_database_sharing_with_keeshare
You can also drag and drop entries from one database to another, do it from a copy of database, just in case you saved some unwanted changes.

My suggestion is using/testing kepassXc. Very nice, I have been working with it for years. There is an extension for firefox, so you can use user/passord without copy and paste, if I remember well, there is the possibility to use a database with two+ clients which can read the database when it changes.

If you point KeePassXC to a Dropbox managed directory for the database then you can easily sync it to/from Android etc.

@wombatz666,
that’s exactly not the type of sync Rob meant. Rob meant the KeePass internal “database sync”, which merges databases which have diverges from each other.

Moritz

@py0xc3 Chris, I tend to disagree. KeePass is also meant to be able to work with Mono - so basically natively under Unix, without Wine:
https://keepass.info/help/v2/setup.html#mono

Yes, that’s why we want it as a regular package from a repo. :slight_smile:

@rbart,
if you are willing to ignore the security issue, because you just absolutely need to have KeePass on your local machine, you can grab a build from my Copr:
https://copr.fedorainfracloud.org/coprs/barsnick/fed-newer/package/keepass/

(Sorry, 2.52 not there yet - will update soon.)

I can split that out into a separate repo if desired. (Adding a copr repo to your installation is very easy.)

DISCLAIMER: I am not fixing said security issue.

Cheers,
Moritz

Thank you, I don’t want to use the not-secured version of the KeePass2. My passwords should stay private. :wink:

From curiosity I tried to reproduce the issue with the plain text passwords in journal on Arch Linux system but I somehow was not able to. Is it just a Fedora specific issue?