kdbx file with YubiKey challenge-response master key saved by KeePassDX can't be opened by keepassxc

andyli commented 9 months ago

Describe the bug

I have an existing kdbx file. Recently, I enabled YubiKey challenge-response on top of a password, using KeePassXC on Windows. The file can be opened and decrypted by KeePassXC on Windows and KeePassDX on Android, using the same master password and YubiKey. However, once I save it with KeePassDX on Android, even without any changes to the entries, the kdbx file can no longer be decrypted by KeePassXC on Windows, but still decryptable by KeePassDX on Android.

To Reproduce

Here is the kdbx file with all passwords removed: yubikey-sample-kdbx.zip

"password-only.kdbx": Master password is test, no hardware key. Can be opened correctly by KeePassXC on Windows and KeePassDX on Android.
"password-and-yubikey.kdbx": Created from "password-only.kdbx" but with master key changed to include YubiKey challenge-response, using KeePassDX on Android. The YubiKey's slot 2 was configed as HMAC-SHA-1 challenge-response, with secret key 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00. The file can be opened correctly by KeePassDX on Android, but not by KeePassXC on Windows.

Steps to reproduce the behavior:

Open "password-only.kdbx" in KeePassDX on Android, password is test
Go to settings and change master key, input test as password, select Yubikey challenge-response.
Save the file.
Open the file with KeePassXC on Windows, try to decrypted, "invalid credencials" error message will be shown.

Expected behavior

kdbx files saved in KeePassDX on Android can be opened and decrypted by KeePassXC on Windows.

KeePass Database

Created with: probably created by KeePass2 on Windows, many years ago
Location: Remote file retrieved with Dropbox app
File provider (content:// URI): content://com.dropbox.android.FileCache/filecache/xxxxxxxxxxx.kdbx
Size: 17KB
Contains attachment: No

KeePassDX: