Hello,
Wanted to pass along some issues I've noticed in getting ykDroid to work with Keepass2Android app on my device running Android 9 using a YubiKey 5 NFC.
I originally tried to set up the challenge response function via the KeePass 2.40 desktop application. While everything worked seamlessly on the desktop, I couldn't even get the database to start unlocking on Keepass2Android. My initial setting for the Master Key was: "Password + Challenge Response." Then when I set the Master Key setting to "Password + Challenge-Response for KeePass XC", I was able to start unlocking the database and ykDroid was invoked, allowing me to scan my YubiKey via NFC. However, in spite of both the password and Challenge-Response key being correct, I received an error message about the composite key always being incorrect.
I then read a review on Google Play by another user saying that ykDroid worked well with a KeePassXC created database. With a little trial and error, I noted the following:
- I opened my database in KeePassXC and made the following changes to the database settings:
  - Set "Encryption Algorithm" to AES-256
  - Set "Key Derivation Function" to AES-KDF (KDBX 4) after having this set to Argon 2 (KDBX 4)
- Used KeePassXC to Change Master Key and configure YubiKey Challenge-Response. (I didn't think this would make a difference, but IT DOES!) One cannot use the same challenge response setting to open the same database on KeePassXC and KeePass 2.40. The setting and encryption are application dependent.
I realize the above is not an issue that can be addressed with an update to ykDroid alone, but wondered why nothing works when the "Password Challenge-Response" option for Keepass2Android is selected for sign-in. But, when the MasterKey setting is changed to "Password + Challenge-Response for KeePass XC" AND KeePassXC is used to change the Master Key and configure the challenge response option for sign-in, everything works fine.
Just wanted to pass along these observations to potentially help others out there make this app, Keepass2Android and their YubiKey work as intended.