How to setup YubiKey with KeePassium

Authored by: Support.com Tech Pro Team

1. Introduction

This guide walks through programming an OTP slot of your YubiKey for HMAC-SHA1 challenge-response in YubiKey Manager, and then using that YubiKey as a component of the master key of a KeePassium database.

2. Set Up

Initial setup

The following steps will prepare your YubiKey for the challenge-response mode.

  1. On your computer, install the YubiKey Manager and launch it.
  2. Insert your YubiKey, if you have not done that yet.
  3. If you see an “Unknown error occurred” on macOS, go to System Preferences → Security & Privacy → Input Monitoring, and allow input monitoring for YubiKey Manager.
  4. Click Applications → OTP.
YubiKey Manager: OTP slot selection
  5. Choose the slot to configure. The first slot is reserved in some keys, so select Configuration Slot 2.
YubiKey Manager: OTP credential type
  6. Select Challenge-response credential type and click Next.
YubiKey Manager: Challenge-response secret key
  7. Set your HMAC-SHA1 challenge-response parameters:
  • Secret key — press Generate to randomize this field. Make sure to copy and store the generated secret somewhere safe. If you ever lose your YubiKey, you will need that secret to access your database and to program the replacement YubiKey.
  • Require touch — this prevents rogue apps from talking to your YubiKey without your permission. When KeePassium requests your YubiKey, you will need to touch the “Y” button on the NFC key (or touch the sides of the YubiKey 5Ci key).
  8. Press Finish programming the YubiKey.

As a final step, make sure that apps can talk to your YubiKey. Click Interfaces and make sure that OTP is checked for both USB and NFC interfaces. (Otherwise, KeePassium might show something like “YubiKey select applet failed with code 0x6A82”.)

YubiKey Manager: Allow OTP via both interfaces
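As an added illustration (not part of the original guide and not YubiKey Manager or KeePassium code), the following Python model treats the programmed slot as a pure HMAC-SHA1 function of the secret and the challenge. That is the property behind the backup advice above: a replacement key programmed from the stored secret answers every challenge identically, while a key with a different secret never will. The model ignores Require touch and the device's challenge padding rules, and all names in it are hypothetical.

```python
import hashlib
import hmac
import secrets

# YubiKey Manager's Generate button produces a 20-byte (40 hex character)
# HMAC-SHA1 secret; that hex string is what you back up.
SECRET_LEN = 20


class HmacSha1Slot:
    """Software model of one OTP slot programmed with a challenge-response
    credential. On a real YubiKey the secret never leaves the device; here it
    is held in memory only to show the arithmetic (added illustration)."""

    def __init__(self, secret_hex: str):
        secret = bytes.fromhex(secret_hex)
        if len(secret) != SECRET_LEN:
            raise ValueError(f"HMAC-SHA1 secret must be {SECRET_LEN} bytes")
        self._secret = secret

    def challenge_response(self, challenge: bytes) -> bytes:
        # The 20-byte response depends only on (secret, challenge), so any
        # device holding the same secret produces the same response.
        return hmac.new(self._secret, challenge, hashlib.sha1).digest()


def generate_secret_hex() -> str:
    """Stand-in for the Generate button: a fresh random secret as hex."""
    return secrets.token_hex(SECRET_LEN)


def is_faithful_replacement(original: HmacSha1Slot,
                            replacement: HmacSha1Slot,
                            trials: int = 8) -> bool:
    """Checks that a replacement slot reproduces the original's responses on
    random 64-byte challenges. A single mismatch means the backed-up secret
    was copied wrongly, and the database would stay locked."""
    for _ in range(trials):
        challenge = secrets.token_bytes(64)
        expected = original.challenge_response(challenge)
        actual = replacement.challenge_response(challenge)
        if not hmac.compare_digest(expected, actual):
            return False
    return True
```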


Using YubiKey with your database

Once your YubiKey is configured, you can add it as a component of the database master key, along with a password and key file (or instead of them).

Set up a new database

When creating a new database, tap the hardware key button and select YubiKey Slot 2:

How to configure a new database to use YubiKey

Set up an existing database

To make YubiKey a required master key component for your existing database:

  • Open the database with the current master key (password and/or key file).
  • Tap the Change Master Key button at the bottom of the screen.
  • Tap the hardware key button and select YubiKey Slot 2:
How to change the existing master key to include YubiKey
  • Tap Done to save changes.
  • Once prompted, insert or scan your YubiKey (touch it with the top side of your phone).
  • That’s it! From now on the database cannot be decrypted without your YubiKey.

Unlocking a database

To unlock a YubiKey-protected database, tap the hardware key button and select YubiKey Slot 2. If necessary, enter your password and/or choose the key file.

Using YubiKey with KeePassium for iOS

Once prompted, insert or scan your YubiKey (touch it with the top side of your phone). If all the master key components are correct, the database will open up.