Feature request: YubiKey support #25
Comments
Now the feasibility part. Yubico Mobile iOS SDK does not seem to support the challenge-response mode. Yubico support confirmed this:
The bad news: unfortunately, Yubikey challenge-response is impossible in iOS at the moment, due to the system-imposed NFC limitations. The good news: Yubico are planning to provide this mode with the upcoming Lightning-enabled keys.
Any updates about this feature? Yubico recently released their first key using a lightning connector and the corresponding iOS SDK received a major update to v2.0.0.
Yeah, I saw the announcement and have ordered the 5Ci key yesterday. Unfortunately, the challenge-response mode is still not supported by the SDK 2.0. The good news is that there is a raw mode that might be used as a workaround (basically, implementing the challenge-response exchange at the app side). I plan to explore this once I receive the hardware.
You should look at the NFC capabilities in the new iOS version as well. Apple will enable sending and receiving of NDEF messages which should allow using NFC enabled Yubikey in any mode.
Good point, @Janhouse. I have opened an issue in Yubico's repository, let's see what they say.
Does KeePass Android support YubiKey challenge-response mode?
@imakhalova, keepass2android does, KeePassDX is planning to. I could not find anything specific about KeePassDroid, though.
I've received the new YubiKey 5Ci (with Lightning connector) today and got some proof-of-concept code working. There is no news about the NFC keys, though... Stay tuned and upgrade to 5Ci :)
YubiKey integration is now ready for your beta feedback! I'm sorry it took way longer than expected (mainly thanks to the minefield they call "iOS 13"). Nevertheless, KeePassium seems to be the first KeePass iOS app with YubiKey support, yay!
Already in the App Store :)
Docs: update changelog
Release: version bump to 1.09.50
Feat: add "Lock database" button to DB unlocker
Feat(yk): add YubiKey challenge-response support (closes #25)
Fix(db): assertion crash when auto-loading kp1 databases
Feat(yk): add YubiKey challenge-response (NFC/MFi)
Refactor(db): switch to CompositeKey instead of several arrays
Chore(db): remove excessive SecureByteArray wrapping
Feat(yk): integrate YubiKit
Fix(viewGroup): enforce minimal row height for entries without title
Hello, Auto-fill feature isn't working with DB protected by Yubikey. Any idea why?
@samsam-rolon, it's the other way round: YubiKey does not work in AutoFill feature. This is because Apple wants AutoFill modules to be lightweight, so AutoFill is not allowed to access NFC or Lightning port. So there is no way to communicate with YubiKey from AutoFill...
Well, it took four years to get YubiKey working in AutoFill… It is still limited to Lightning only (YubiKey 5Ci), but as of v1.51 AutoFill does work with YubiKey.
YubiKey support is a frequently requested feature, especially since both desktop and Android apps have it. I am opening this feature request to collect relevant info on the topic and to keep track of updates.
YubiKey support in the KeePass ecosystem is a wild zoo of formats and methods.
KeePass itself supports YubiKey in static mode (YK simulates a keyboard and types your master password), as well as HOTP and challenge-response modes (with the OtpKeyProv and KeeChallenge plugins, respectively).
KeePassXC, in turn, also supports YubiKey in challenge-response mode. In contrast to KeePass plugins, KeePassXC's implementation does not need any additional files (that would need to be synced), keeping the database self-sufficient. Well, with a YubiKey :)
Since KeePassXC is available on more platforms and needs only the database itself, their approach seems the best candidate for implementation.