The following method (Challenge-response with HMAC-SHA1) works on Ubuntu with KeePassXC v2.6.2 and 2x YubiKey 5 NFC with firmware v5.4.3: Far from perfect but better than just a password. Recommend to use a strong master password on top of the YubiKeys & save the DB regularly to generate new challenge/response pairs. Just remember in the second key you must copy & paste the same seed So you can use multiple YubiKeys, but they all have to be programmed with the same secret (see question above).Īnd The explanation to how to setup the same id in slot 2 in two yubikeys is here: You can only use a single secret for encrypting the database. This can be an analog paper copy, but since the YubiKey personalization tool allows you to program a custom secret into the key, you may as well program a second key with the same secretĬan I register multiple YubiKeys with my KeePassXC database? You should always make a copy of the HMAC secret that is stored on the YubiKey and keep it in a secure location.
In the Docs section, can we read this: What happens if I break my YubiKey? Can I create backup keys? You need to add the same seed to the other Yubikey to keep a copy of the seed. After talking to the KeePassXC dev team, it is clear that having two different seeds in two separate Yubikeys is not possible.
0 kommentar(er)
