Use certkey multi provider

  • kyrylo

    kyrylo - 2014-03-02

    Hello to all

    I have been using KeePass recently and am very proud of this essential tool.

    I would like to share a database with multiple users. As I do not want to use the same secret, I installed the multi Certkey provider plugin, but I cannot use it and I did not find any explanatory tutorial.

    Can you confirm that it is possible not to share the same secret? Is it possible to use a password for the database + a certificate to authenticate the user and the machine?

    to enable us to trace and identify the connection

    What is the difference between the Certkey provider plugin and the multi Certkey provider?

    Sorry for the mistakes, I'm French.

    Thank you

    Last edit: kyrylo 2014-03-02
  • Paul

    Paul - 2014-03-03

    My reading of the CertKeyProvider guide is as follows.
    1. Issue personal certificates to everyone who needs to use the database.
    2. Collect the public key of all those certificates in your addressbook store or "my" store.
    3. Encrypt the database by choosing all public certificates from your store. A key file will be created with name = database name.
    4. The key file should be stored and distributed with the database. This is normally a bad idea but the key file is encrypted with the certificate public keys, so it is safe.

    Users should now be able to open the database using the key file decrypted with their own certificate.

    Adding a new user would require new database / key generation after adding the public key to your store. This is a lot of admin IMO.

    Preventing private key export would be useful to prevent users taking the certificate to an un-authorised location.

    cheers, Paul

    p.s. If you have lots of users it may be worth paying for a multi user system such as the one from Pleasant Solutions.
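The scheme Paul outlines in steps 3 and 4 (one shared key file, encrypted to every user's certificate) can be tried out with OpenSSL's CMS commands. This is an added example, not code from the thread or from the plugin, and it does not reproduce CertKeyProvider's own key-file format; the user names and file names are constructed.

```bash
#!/usr/bin/env bash
# Added example: one shared secret, wrapped once per user certificate (CMS).
# Names (alice, bob, mallory) and file names are constructed for the demo.
set -eu

make_user() {        # $1 = name -> $1.key (private key) and $1.crt (certificate)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

wrap_keyfile() {     # $1 = plain secret, $2 = wrapped output, rest = recipient certs
  plain=$1; wrapped=$2; shift 2
  openssl cms -encrypt -aes-256-cbc -binary -outform DER \
    -in "$plain" -out "$wrapped" "$@"
}

unwrap_keyfile() {   # $1 = wrapped file, $2 = user name; secret goes to stdout
  openssl cms -decrypt -binary -inform DER -in "$1" \
    -recip "$2.crt" -inkey "$2.key" 2>/dev/null
}

can_open() {         # $1 = wrapped file, $2 = user, $3 = expected secret
  unwrap_keyfile "$1" "$2" | cmp -s - "$3"
}

demo() (
  cd "$(mktemp -d)"
  for u in alice bob mallory; do make_user "$u"; done
  openssl rand -out db.key 32                  # stands in for the shared key file
  wrap_keyfile db.key db.key.cms alice.crt bob.crt
  can_open db.key.cms alice db.key   && echo "alice:   opens"
  can_open db.key.cms bob db.key     && echo "bob:     opens"
  can_open db.key.cms mallory db.key || echo "mallory: refused"
  # Removing bob: re-wrapping the old secret is not enough, because bob has
  # already been able to unwrap it. A new secret is generated and wrapped for
  # alice only; whatever it protects has to be re-encrypted under it.
  openssl rand -out db2.key 32
  wrap_keyfile db2.key db2.key.cms alice.crt
  can_open db2.key.cms alice db2.key && echo "alice:   opens re-keyed file"
  can_open db2.key.cms bob db2.key   || echo "bob:     refused after re-key"
)

demo
```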

  • kyrylo

    kyrylo - 2014-03-05

    Hello and thank you for your reply.

    The database that I want to share will be hosted on an FTP server.
    If you do not mind, I have some additional questions:

    • Are the personal certificates to be issued to users Windows certificates?

    • How do I encrypt the database by choosing all the personal certificates for each user?

    • In your opinion, is it more prudent to leave a copy of the database locally on the user's computer and to sync directly, or to open a single database on the server?

    • I do not understand the difference between the CertKeyProvider plugin and Multi CertKeyProvider.

    • I can see the plugin in the list of installed plugins, but I see no software or configuration changes anywhere.

    Thank you very much for your help

  • Paul

    Paul - 2014-03-06

    Yes, the certificates are personal ones, probably issued by your CA, or from a commercial site.

    It seems you need to select the public keys of all users who need to open the database as part of the key file generation. It is the key file that allows you to open the database.

    You need to update the key file after adding / removing user access so that would need to be pushed to users. The database can be left on the FTP server and then users can sync as required. I would add an audit trigger if your users have write access.

    I don't know the difference either.

    Once the plug-in is installed you should have a new key provider when you are on the master password screen.

    cheers, Paul

  • kyrylo

    kyrylo - 2014-04-29


    Firstly, thank you for taking the time to answer me; I appreciate your answers.

    But I still cannot find a solution.

    I want to use a single authentication (for each user) on the same database (one database).

    According to my research, KeePass does not allow this.
    I looked at dozens of forums.

    I do not know how to encrypt the database by collecting all my public keys.

    Can you confirm that private key = public key?
    Several different private keys cannot be associated with a single public key?

    Sorry again, and thank you very much.

  • kyrylo

    kyrylo - 2014-04-29

    I use the keychain Clee Windows manager, and when I select the multi Certkey plugin it only offers the use of an RSA key, and the choice of a single key, not more.

    thank you

  • Paul

    Paul - 2014-05-01

    Correct, KeePass has one and only one master key. If you use a key file you could place it in a limited access folder so only authorised users have access.

    I don't know Clee manager so can't comment.

    cheers, Paul

