Create a New YubiKey Protected Database
Strongbox supports YubiKey protected databases (using the KeePassXC challenge-response mode). You can read more about how this whole process came together on Github here.
At the moment Strongbox supports YubiKey on Mac and iOS (NFC (iOS 13+) and the 5Ci over lightning).
There are 2 key steps to...
Add a YubiKey as a Factor to an Existing Database
To add a YubiKey as a factor to an existing KeePass database, simply do the following:
Unlock the existing database as normal
Tap the Circle button in the top right corner
Tap ‘Set Master Credentials’
Here you can completely set any or all the 3 possible factors:
I’ve Lost My YubiKey
Note: The below applies to iOS only, you will need an iOS device to recover using a virtual hardware key. It is not currently possible to use virtual hardware keys on macOS, but we hope to add support for this soon too...
If you somehow lose your hardware YubiKey device which you’ve been using t...
Use a YubiKey With AutoFill on iOS
It is possible to use a YubiKey protected database in AutoFill mode on iOS by using virtual hardware keys. You can read more about virtual hardware keys and why they are needed for AutoFill mode here. You must know the secret you programmed your YubiKey with to create a virtual hardware key.
Can I Use My YubiKey With USB-C on My iPhone or iPad?
iPhones & iPads with Lightning Ports
If your iPhone/iPad has a Lightning connector, it will work normally with your YubiKey.
For the list of compatible YubiKey keys please see Yubico's Strongbox product page here:
iPhones with US...
YubiKey Doesn’t Work With AutoFill
If you are having trouble using a virtual hardware key in AutoFill mode it could be because:
It is your first time using this database and you are using Face/Touch ID or PIN Code
You are using the wrong Virtual Hardware Key
The first time you use a Virtual Hardware Key in AutoFill you cannot als...
Create a Backup Yubikey
You can create multiple copies of your YubiKey using the instructions below. This can be useful so that you have a backup, in case the original YubiKey is lost.
To do this:
Program the first YubiKey for HMAC-SHA1 Challenge Response
Make a record of the unique "secret" that is generated
Do I Still Need to Enter My Master Password If I'm Using a YubiKey?
To secure your database, you can use any of these three authentication factors:
A master password
A key file
And you can use a combination of one, two, or all three of the above. For instance you could use:
Only a master password
A master password and a key file
A master password, a k...
YubiKey Compatibility with KeeChallenge
Strongbox is NOT compatible with the KeeChallenge plugin. You cannot use a KeeChallenge protected database with Strongbox and you cannot use a YubiKey protected database created by Strongbox with the KeeChallenge plugin.
Strongbox uses the KeePassXC paradigm for Challenge Response via YubiKey. T...
YubiKey Not Working / Not Visible on Mac
To make sure Strongbox can access your YubiKey over USB on Mac, you need to make sure Strongbox is enabled here:
System Preferences –> Security & Privacy –> Privacy –> Input Monitoring
You may need to restart your device or Strongbox for these changes to take effect.
"Unsupported or Configured on Key or Slot" Error Message When Using Yubikey
This can happen for a number of reasons, even if you have properly programmed your Key/Slot for HMACSHA1 Challenge Response.
It could mean a faulty YubiKey device but first you should check the following setting using the "Yubikey Manager" tool. There is a setting to enable/disable specific func...