Support yubikey challenge response

[piratenpanda]

Would be nice if the app would support challenge response via the yubichallenge app

[J-Jamet]

This is not a priority because I have to solve bugs and put more basic features but why not in the future.

[rugk]

For reference KeePassXC implements this on the desktop and if you want code for Android OpenKeyChain supports YubiKey (in a different use case for PGP keys, but well… it's something.

[piratenpanda]

Keepass2android has a working implementation with calling the yubichallenge app

[rugk]

Hmm… don't know whether depending on another app is so good. At least it would be nice to not only support this one vendor, but well… future plans anyway. But thanks FYI.

[piratenpanda]

If there is an implementation like in openkeychain even better, sure

[ovz93br43v7]

This feature would be great and please compatible to the KeepassXC implementation.

[piratenpanda]

might as well use ykdroid instead of the yubichallenge app as keepass2android does for a while now. Just to update on my first post

[LivInTheLookingGlass]

Is this still a planned feature?

[J-Jamet]

Yes, I'm just going to release the final 2.5 version before starting big jobs like this issue. I must also look at the other existing physical keys (open source) and study the functioning of KeePassXC.

[dimmuboy]

Is there any forecast which version could be have finally yubikey support?

[J-Jamet]

I have not yet looked at the technical operation of the yubikey for lack of time because of new bugs and more important features to implement, but if a technician is motivated to make a pull request, it will be very nice.

[J-Jamet]

I bought a Yubikey4 and an Onlykey to be able to test, I still have to study how the challenge response works with these keys and think about the architecture.

[hughobrien]

Hi there! I'm buying KeePassDX Pro now to show my support for this issue!
I was using passwdsafe which implements it via NFC.

Thanks for your work.

[invalid-error]

Hi there! I'm buying KeePassDX Pro now to show my support for this issue!
I was using passwdsafe which implements it via NFC.

Thanks for your work.

Hi there! I'm buying KeePassDX Pro now to show my support for this issue!
I was using passwdsafe which implements it via NFC.

Thanks for your work.

I would like do the same but I am using f-droid (no Pro available). Any update on Yubikey support (like KeePassXC Desktop). I would also like to do a donation for this new feature 🥇 .

[invalid-error]

All my BAT to you @J-Jamet ;)
... you should add this to your Cryptocurrency donation section.

[schmitmd]

Bought KeePassDX Pro and would love to see this feature.

[intrnl]

Would it be possible for the biometric unlock function to not require having the YubiKey inserted? I kinda wanted it so that my YubiKey is only required when trying to open my password database for the first time.

[Michal78900]

Key Driver crashes or throws error when trying to use a Yubikey via NFC. However, I was able to open my database when connected via USB using an adapter. Not sure if NFC not working is a bug or is it just me who doesn't know how to hold the key (I'm fairly new YubiKey user).

I also would appreciate an option for biometric unlock function to not require Yubikey challenge-response, unless the user wants to write changes into the database.

[J-Jamet]

Would it be possible for the biometric unlock function to not require having the YubiKey inserted?

In this case, there is no point in using a Yubikey : #8 (comment)

Key Driver crashes or throws error when trying to use a Yubikey via NFC.

https://gitlab.com/kunzisoft/android-hardware-key-driver/-/issues Download the YkDroid mode while waiting for the update. #8 (comment)

[Michal78900]

Download the YkDroid mode while waiting for the update. #8 (comment)

Thank you very much! Now it works without any issues via both USB and NFC.

[ZenMasta]

Key Driver is working great for me. KPDX build 3.5.0Beta02. It's as fast as on desktop.

Normally using these keys on phone is super tedious and not nearly as fast as totp because it's a 3-step process.

1. Use your key on www.website "Get Started"
2. choose how to use (BT, NFC, USB)
3. Google Play Services prompt, allow GPS to access my key

With the driver, the's only 1 prompt. I love it!

[j6b72]

Google Pixel 6P: The provided YkDroid-Mod works flawlessly via NFC, while the Key Driver just vibrates as soon as I swipe my key. No interesting stuff from logcat, but I can provide the logs if required.

Either way, thank you so much for your efforts!

[pmorange]

Hi, currently not working on a Galaxy S22 Ultra.
I have the latest beta of KeepassDX and the latest version of the Key Driver.
What happens is ... nothing : the screen changes for me to pass my Yubikey. I get it close to my phone, it vibrates, but then nothing happens. The screen of the key driver keeps on waiting. I'm not sure how I can get logs to you.
Also, when I go back the password field gets resetted.

[macearl]

I'm also still having problems with the new 0.1.5

I've disabled my yubico authenticator before testing to exclude the automatic app switching as a possible cause.

If I have my yubikey already attached the key driver asks me it touch the button and then tells me there was a problem and I should reconnect my yubikey.

If I reconnect it or if it was not already connected I get the prompt to allow access to the yubikey and as soon as I confirm this the app crashes with the following error:

FATAL EXCEPTION: main
Process: com.kunzisoft.hardware.key, PID: 15598
java.lang.RuntimeException: Error receiving broadcast Intent { act=android.yubikey.intent.action.USB_PERMISSION_REQUEST flg=0x10 } in com.kunzisoft.hardware.key.ConnectionManager@dbb852e
	at android.app.LoadedApk$ReceiverDispatcher$Args.lambda$getRunnable$0$LoadedApk$ReceiverDispatcher$Args(LoadedApk.java:1689)
	at android.app.LoadedApk$ReceiverDispatcher$Args$$ExternalSyntheticLambda0.run(Unknown Source:2)
	at android.os.Handler.handleCallback(Handler.java:938)
	at android.os.Handler.dispatchMessage(Handler.java:99)
	at android.os.Looper.loopOnce(Looper.java:201)
	at android.os.Looper.loop(Looper.java:288)
	at android.app.ActivityThread.main(ActivityThread.java:7870)
	at java.lang.reflect.Method.invoke(Native Method)
	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1003)
Caused by: java.lang.NullPointerException: Attempt to invoke virtual method 'int android.hardware.usb.UsbDevice.getVendorId()' on a null object reference
	at com.kunzisoft.hardware.yubikey.challenge.UsbYubiKey$Type.lookupDeviceType(UsbYubiKey.java:121)
	at com.kunzisoft.hardware.yubikey.challenge.UsbYubiKey$Type.isDeviceKnown(UsbYubiKey.java:131)
	at com.kunzisoft.hardware.key.ConnectionManager.requestPermission(ConnectionManager.kt:224)
	at com.kunzisoft.hardware.key.ConnectionManager.onReceive(ConnectionManager.kt:164)
	at android.app.LoadedApk$ReceiverDispatcher$Args.lambda$getRunnable$0$LoadedApk$ReceiverDispatcher$Args(LoadedApk.java:1679)
	... 9 more

[J-Jamet]

Can you test the latest release 0.1.7, it should solve the crash problems and allow better error handling. It is now possible to manually restart an NFC scan.

[super9mega]

Hey! just tested it and everything seems to load, no crashing, but then it tells me that it could not read credentials. not sure what the issue is but I can get a log here in a minuite

[macearl]

The new version works fine for me as well, tried unlocking the database a couple of times no problems or crashes so far.

I assume the key driver will also be added to fdroid once it reaches a stable version?

[super9mega]

oops, Messed up, did not notice we were using KeepassXC format rather than a sperate database.xml format, which is what keepass normal uses. Everything seems to be working NFC and USB.

[J-Jamet]

I assume the key driver will also be added to fdroid once it reaches a stable version?

Indeed

[wandering-tales]

The new 0.1.7 version definitely solved all my crashing issues. Amazing job!

[moya2162]

I noticed the following issue when trying to open database using magikeyboard:

1. Use Magikeyboard to launch keepassdx.
2. Select database.
3. Type password. Yubikey challenge-response already selected as option.
4. Select Open.
5. Get popup about entering challenge-response, not the key driver app. Scan yubikey but fails.
   
6. Re-enter password and select open.
7. Key driver app properly asks for yubikey
8. Database opens.

Using keepassdx 3.5 beta 01 and key driver 0.1.7.

[dave0003]

I installed KeePassDX and Key Driver to try with my Yubikey 4. It is working, though I noticed it works better if I wait until Key Driver prompts for the yubikey, to plug the yubikey in. Then after plugging it in, it asks for permissions, and it works. If I try to open the database with the yubikey already plugged in, it fails to open the first time, then asks for permissions, and works the second time.

KeePassDX 3.5.0 Beta01 from F-Droid and Key Driver 0.1.7 from Play Store.

[J-Jamet]

Thx @moya2162 & @dave0003 for your feedback, it's very helpful in identifying and solving problems. I'll add these bugs to the kanban so I can deal with them. https://github.com/Kunzisoft/KeePassDX/projects/43

[leaumar]

Just wanna add my (positive) experience giving kpdx beta and keydriver a try. I got a yubikey just this week, to try the experience myself and figure out how well I can use it for what things. Compared to webauthn under windows and the different official yubi management apps, making a yubikey-locked db (usb+touch) under keepassxc and then opening it on my phone with nfc has worked without a single surprise or error. Very nice, definitely helps make me feel like I could open up to relying on these gadgets soon without worrying much about support issues. Thank you for the great work, buying keepro as we speak 👍

[J-Jamet]

@moya2162 The problem is normally fixed in version 2.5.0beta03, there is a better management of asynchronous events.
There is also database merge management using Yubikey as well as autofill management. I didn't see any bug with this new build. If it's OK, I'll switch to stable in a week.
@dave0003 Your issue is directly related to the driver app which is rewritten in a more modern way (The problem is decoupled from the KeePassDX app)
@leaumar Thank you, it is really appreciated.

[moya2162]

@J-Jamet So i installed 3.5b3 and tried to unlock my database and it appears the prompting of the key driver works every time, but scanning (nfc) of my yubikey fails every time. I scan (nfc) my yubikey but the key driver doesn't see it. I get a prompt to open a web link to yubikey's key verification page (standard).

Using an OTG cable the yubikey works, but not ideal.

I did a fresh install, wiped app data and cache, uninstalled 3.5b1 (fdroid) and installed 3.5b3 (git).

EDITL***

Nevermind this post, See post below for explanation!

[J-Jamet]

The problem comes rather from the driver / NFC reception. I did not touch this part and it works on 3 of my NFC phones.

[moya2162]

False alarm! I have a tasker profile that automatically turns on NFC when keepassdx and key driver are open and turns it off when closed. When i installed the new app it wasn't picked up by tasker so NFC was off when keepassdx was launched. NFC only turned on when key driver was open but at that point it wouldn't work. NFC needs to be on when in keepassdx. If not it fails.

All worked on my end now!

[J-Jamet]

Stable release 3.5.0 done, the driver remains in beta version until finalization but remains functional.
Enjoy

[52fitz]

Nice. Many thanks.

[nimser]

After clicking "OPEN" I get the prompt to swipe the NFC device, then I'm asked to select a default app. I see only web browser, not the keyDriver app. What am I missing?

I installed 0.1.7

[J-Jamet]

Duplicate #1504