This works for me on KeepassXC, and it looks like Yubico has instructions for original Keepass.
Comment on MFA
burgers@toast.ooo 2 months ago
im definitely an idiot but i couldn’t figure out at all how to make a yubikey work with a keepass database on android
hungprocess@lemmy.sdf.org 2 months ago
2xsaiko@discuss.tchncs.de 2 months ago
Yubikey is only really useful for authentication with a trusted party, and not decryption. You can technically use store a secret key on it but then its two biggest advantages are gone, namely that you can’t copy the key and that it doesn’t use the limited storage on the device.
cley_faye@lemmy.world 2 months ago
The yubikey can perform a hmac using a secret (supposedly) only available to the key’s internals. This is used in addition to the password, so that knowledge of the password without the key, or the key without knowledge of the password, can’t be used to decrypt the database. It’s kind of a half second factor (I know it’s not technically correct to call it that, but I hope you get the idea).
It’s also in their doc (that they use challenge/response): keepassxc.org/docs/ and is even featured on yubico’s website, which is somewhat weird but why not: www.yubico.com/works-with-yubikey/…/keepassxc/#te…
The issue GP had is probably that the keepass app does not support it on Android.