KeepassXC and KeePassium compatibility issues with YubiKey

[hoffe86]

Description I am facing the issue that I am not able to open databases with masterkey and YubiKey (HMAC-SHA1 Challenge-Response) in KeePassium when the database was configured with KeePassXC. Same issue is occuring in KeePassXC when configuring the Challenge-Response in Keepassium.

Keepass Database was used in the past with Keepass/KeeChallenge and was migrated to KeePassXC

How to reproduce Steps to reproduce the behavior:

1. Adding Challenge-Response in KeePassXC (YubiKey connect via USB) and keep the Password indentically
2. Saving database file
3. Synching database file via Microsoft OneDrive to iPhone
4. Open keepass database in KeePassium on iPhone using Password and YubiKey (NFC)
5. Message is appearing that Password is not correct

As already menionted in the description the other direction is also leading in the same issue.

Expected behavior Keepass database can be opened in KeePassium and KeePassXC when using YubiKey with "HMAC-SHA1 Challenge-Response" security mechanism. Does not matter if the "HMAC-SHA1 Challenge-Response" option was configured in KeePassium or KeepassXC.

Environment:

Mobile Phone:

• Device: iPhone 13
• OS: iOS15.5
• App Version: 1.34.113

PC:

• Device: Microsoft Surface Book 3
• OS: Windows 11 (Build 22000.739)
• KeePass XC Version: 2.7.1

[hoffe86]

Added missing option for NFC configuration on YubiKey and it works now

[keepassium]

Thank you!

Added missing option for NFC configuration on YubiKey and it works now

Do you mean enabling OTP over NFC?

If yes, it is odd that the error was "Invalid password"… Normally it should have been something more cryptic ("YubiKey select applet failed with code 0x6A82").

[hoffe86]

No it was the PIV option for the NFC profile and the message was really "Password is wrong".