Using the KeePassX password manager you can:

  • Store many passwords in an encrypted database which is protected by a single passphrase of your choice.
  • Always use different and stronger passwords, since you only have to remember a single passphrase to unlock the entire database.
  • Generate very strong random passwords.

Create and save a password database

Follow these steps to create a new password database and save it in the persistent volume for use in future working sessions.

To learn how to create and configure the persistent volume, read the documentation on persistence.

  1. When starting Tails, enable the persistent volume.

  2. In the Persistent Volume Assistant, verify that the Personal Data persistence feature is activated. If it is deactivated, activate it, restart Tails, and enable the persistent volume.

  3. To start KeePassX, choose Applications ▸ Accessories ▸ KeePassX.

  4. To create a new password database, choose File ▸ New Database…

  5. The password database is encrypted and protected by a passphrase.

    • Specify a passphrase of your choice in the Password text box, then click OK.
    • Type the same passphrase again in the next dialog, then click OK.
  6. To store the password database in the persistent volume for use in future working sessions:

    • Choose File ▸ Save Database.
    • Enter keepassx in the Name text box.
    • Select Persistent in the list of folders in the left pane.
    • Click Save.

Restore and unlock the password database

Follow these steps to unlock the password database saved in the persistent volume from a previous working session.

  1. When starting Tails, enable the persistent volume.

  2. To start KeePassX, choose Applications ▸ Accessories ▸ KeePassX.

  3. If a password database is found in the persistent volume, a dialog appears and asks for the passphrase to unlock that password database. Enter the passphrase and click OK.

  4. If you enter an invalid passphrase the following error message appears:

    The following error occured while opening the database:
    Hash test failed.
    The key is wrong or the file is damaged.

    Then click OK and try again.

KeePassX user guide

To read the official KeePassX user guide, choose Help ▸ KeePassX Handbook….

Use KeePassX to type a password into Pinentry

When using OpenPGP with Claws Mail or OpenPGP Applet for example, you need to enter a password in a Pinentry dialog box. But you cannot copy and paste into it. This is a security feature of Pinentry based on the fact that otherwise the data in the clipboard could be accessed by another application against your will.

Use the AutoType feature of KeePassX to type a password into a Pinentry dialog box.

  1. Before the Pinentry dialog box appears, open KeePassX and unlock the database.

  2. Use OpenPGP with Claws Mail or OpenPGP Applet until the Pinentry dialog box appears.

  3. Click on the KeePassX logo in the notification area to switch to KeePassX. Right-click on the entry from which you want to use the password, and choose Perform AutoType.

Do not enter a user name in the KeePassX entry, otherwise KeePassX will type it together with the password in the Pinentry dialog box, and the resulting password will be incorrect.