Using the KeePassXC password manager you can:

  • Memorizzare molte password in un database criptato protetto da una singola frase d'accesso a vostra scelta.
  • Utilizzare sempre password diverse e più resistenti, dal momento che vi dovrete ricordare una singola frase d'accesso per sbloccare l'intero database.
  • Generare password casuali molto forti.

Create and save a password database

Follow these steps to create a new password database and save it in the Persistent Storage for use in future working sessions.

To learn how to create and configure the Persistent Storage, read the documentation on the Persistent Storage.

  1. When starting Tails, unlock the Persistent Storage.

  2. In the Persistent Storage settings, verify that the Personal Data feature is turned on.

    Otherwise, turn it on, restart Tails, and unlock the Persistent Storage.

  3. To start KeePassXC, choose Applications ▸ Accessories ▸ KeePassXC.

  4. To create a new database, click Create new database.

  5. Save the database as Passwords.kdbx in the Persistent folder.

  6. Il database è criptato e protetto da una frase d'accesso.

    • Specificate una frase d'accesso a vostra scelta nel box Inserisci password.

    • Inserite nuovamente la stessa frase d'accesso nel box Ripeti password.

    • Cliccate OK.

Restore and unlock the password database

Follow these steps to unlock the password database saved in the Persistent Storage from a previous working session.

  1. When starting Tails, unlock the Persistent Storage.

  2. To start KeePassXC, choose Applications ▸ Accessories ▸ KeePassXC.

  3. If you have a database named Passwords.kdbx in your Persistent folder, KeePassXC automatically displays a dialog to unlock that database.

    Inserite la frase d'accesso per questo database e cliccate OK.

  4. If you enter an invalid passphrase the following error message appears:

    Unable to open the database.
    Wrong key or database file is corrupt.

To store your KeePassX settings in the Persistent Storage, in addition to the password database:

  1. Turn on the Dotfiles feature of the Persistent Storage.
  2. Restart Tails.
  3. Unlock the Persistent Storage in the Welcome Screen.
  4. Choose Places ▸ Dotfiles.
  5. Create the folder /live/persistence/TailsData_unlocked/dotfiles/.config/keepassxc/.
  6. Copy the file ~/.config/keepassxc/keepassxc.ini to

Update the cryptographic parameters of your password database

KeePassXC, included in Tails 4.0 and later, supports the KBDX 4 file format. The KBDX 4 file format uses stronger cryptographic parameters than previous file formats. The parameters of previous file formats are still secure.

To update your database to the latest cryptographic parameters:

  1. Choose Database ▸ Database settings.

  2. In the Encryption tab, change the following parameters:

    • Set Encryption Algorithm to ChaCha20.
    • Set Key Derivation Function to Argon2.
  3. Click OK.

Migrating a password database from Tails 2.12 and earlier

The database format of KeePass 1 (Tails 2.12 and earlier) is incompatible with the database format of KeePassXC (Tails 4.0 and later).

To migrate your database to the new format:

  1. Start KeePassXC.

  2. Choose Database ▸ Import ▸ Import KeePass 1 database.

  3. Select your database, for example keepassx.kdb.

  4. After your database is open, save it to the new format:

    • Choose Database ▸ Save database.
    • Save the database as Passwords.kdbx in the Persistent folder.

    Note that only the file extension is different:

    • kdb for the old format.
    • kdbx for the new format.
  5. This operation does not delete your old database from your Persistent folder.

    You can now delete your old database or keep it as a backup.

Additional documentation

For more detailed instructions on how to use KeePassXC, refer to the KeePassXC guide of the Electronic Frontier Foundation.