Password management tools keepass and keepassXC

https://keepass.info/download.html

https://keepassxc.org/download/

Compared with 1P, lastpass, keepass adopts another method, and the developers are also very strong, and its users are not inferior to the former.

Because keepassC# is developed, only Win version is supported. All re-developed keepassx and keepassXC are currently used with keepassXC and the corresponding chrome plug-in. For the mobile terminal, you can refer to download and use. On IOS, KeePassium only supports icloud synchronization. At present, fantasy experience is ok, strongbox is okay, mainly because the free version does not support faceID opening. KeePassium and strongbox are much more expensive than fantasy.

Downloaded gpg file verification

Verify gpg file under Linux

GnuPG (GPG) is a complete and free implementation based on OpenPGP (defined by RFC4880 , also known as PGP ). We can use GPG to encrypt and sign our data and communications, it has a common key management system, and access modules to various public key directories. We can easily use the command line tools provided by GPG (currently it also provides graphical interface tools frontends under different platforms, and library file libraries ) to combine with other applications. It also supports S/MIME and SSH(Security Shell) .

Linux command line, master command line, Window ( Gpg4win ) and other clients

It can be tested after installing the client, gpg --help.

 gpg --output doc.sig --sign doc
gpg --output doc --decrypt doc.sig

verification steps

• Download files: https://keepassxc.org/download/ , KeePassXC-2.7.1-Win64.zip.sig, KeePassXC-2.7.1-Win64.zip, https://keepassxc.org/keepassxc_master_signing_key.asc , download this Three files, which will be used later.
• Help file URL: https://keepassxc.org/verifying-signatures/
• import public key
• the official way
• Method 1: gpg --keyserver keys.openpgp.org --recv-keys CFB4C2166397D0D2
• Method 2: gpg --fetch-keys https://keepassxc.org/keepassxc_master_signing_key.asc
• Method 3: Download the file https://keepassxc.org/keepassxc_master_signing_key.asc , then gpg --import keepassxc_master_signing_key.asc

 gpg --import keepassxc_master_signing_key.asc
gpg: key CFB4C2166397D0D2: 1 duplicate signature removed
gpg: key CFB4C2166397D0D2: 65 signatures not checked due to missing keys
gpg: /home/xxx/.gnupg/trustdb.gpg: trustdb created
gpg: key CFB4C2166397D0D2: public key "KeePassXC Release <release@keepassxc.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found

• Then check: gpg --fingerprint CFB4C2166397D0D2, compare the display on the URL, whether it is consistent

 Desktop gpg --fingerprint CFB4C2166397D0D2
pub rsa4096 2017-01-03 [SC]
BF5A 669F 2272 CF43 24C1 FDA8 CFB4 C216 6397 D0D2
uid [unknown] KeePassXC Release <release@keepassxc.org>
sub rsa2048 2017-01-03 [S] [expires: 2024-12-04]
sub rsa2048 2017-01-03 [S] [expires: 2024-12-04]

• Then start verification: gpg --verify KeePassXC-2.7.1-Win64.zip.sig KeePassXC-2.7.1-Win64.zip

 ~Desktop gpg --verify KeePassXC-2.7.1-Win64.zip.sig KeePassXC-2.7.1-Win64.zip
gpg: Signature made Wed Apr 6 11:18:04 2022 CST
gpg: using RSA key C1E4CBA3AD78D3AFD894F9E0B7A66F03B59076A8
gpg: Good signature from "KeePassXC Release <release@keepassxc.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: BF5A 669F 2272 CF43 24C1 FDA8 CFB4 C216 6397 D0D2
Subkey fingerprint: C1E4 CBA3 AD78 D3AF D894 F9E0 B7A6 6F03 B590 76A8

• It is correct as long as using RSA key and Subkey fingerprint are consistent.