Note that the above method adds a CR to the seed. RFC 2104 recommends that your seed be as long as the output of the underlying hash function (20 bytes for SHA1).

The following method (challenge-response with HMAC-SHA1) works on Ubuntu with KeePassXC v2.6.2 and 2x YubiKey 5 NFC with firmware v5.4.3. Generate a base32-encoded secret seed (ex: "SECRETSEED") that will be programmed into both keys. You will be overwriting slot #2 on both keys. Check that slot #2 is empty in both key #1 and key #2. Install ykman (part of yubikey-manager).

Click Interfaces and make sure that OTP is checked for both USB and NFC interfaces. As a final step, make sure that apps can talk to your YubiKey.

Far from perfect but better than just a password. When KeePassium requests your YubiKey, you will need to touch the Y button on the NFC key (or touch the sides of the YubiKey 5Ci key). It is recommended to use a strong master password on top of the YubiKeys and to save the DB regularly to generate new challenge/response pairs.

Just remember that in the second key you must copy & paste the same seed. So you can use multiple YubiKeys, but they all have to be programmed with the same secret (see question above).

And the explanation of how to set up the same ID in slot 2 in two YubiKeys is here: the U2F feature in KeePass, which looks to me kind of similar to what you did in your files to store passwords.

You can only use a single secret for encrypting the database.
This can be an analog paper copy, but since the YubiKey personalization tool allows you to program a custom secret into the key, you may as well program a second key with the same secret.

Can I register multiple YubiKeys with my KeePassXC database? You should always make a copy of the HMAC secret that is stored on the YubiKey and keep it in a secure location.

for additional authentication methods such as YubiKey and FIDO U2F, and more.

In the Docs section, we can read this: What happens if I break my YubiKey? Can I create backup keys?

KeePass stores all of your passwords in an encrypted database.

You need to add the same seed to the other YubiKey to keep a copy of the seed. After talking to the KeePassXC dev team, it is clear that having two different seeds in two separate YubiKeys is not possible.