It is possible to use a YubiKey protected database in AutoFill mode on iOS by using virtual hardware keys. You can read more about virtual hardware keys and why they are needed for AutoFill mode here. You must know the secret you programmed your YubiKey with to create a virtual hardware key.
Creating a Virtual Hardware Key
- Tap your database to begin the unlock sequence.
- If you are using a PIN Code, Touch ID or Face ID convenience unlock then you need to fail or cancel out of this to get to the manual unlock screen.
- Now under 'Hardware Key' tap 'Configure...' or tap your existing Hardware Key configuration if that was set.
- Under 'Virtual Hardware Keys' tap 'Add New...'
- Enter a name for your new Virtual Hardware Key, e.g. "My AutoFill Virtual Hardware Key"
- Enter your HMAC-SHA1 secret (which you programmed your YubiKey with) string (without spaces) in to the HMAC-SHA1 Secret field.
- You can switch on the "AutoFill Only" switch if you want this key to be available only in AutoFill mode.
- You may or may not need to switch on the "Fixed Length Input" switch depending on how you originally programmed your YubiKey.
- Tap Add to complete the creation of your Virtual Hardware Key.
If you chose to make your key available to the main app as well as AutoFill you can now immediately check if it works by selecting it in the Unlock screen. Otherwise, switch over to AutoFill mode and try it out.
Note: It may be considered more secure to make your Virtual Hardware Key because of the limited access to your database from AutoFill mode.
If you are having trouble using a virtual hardware key in AutoFill mode it could be because:
- It is your first time using this database and you are using Face/Touch ID or PIN Code
- You are using the wrong Virtual Hardware Key
The first time you use a Virtual Hardware Key in AutoFill you cannot also use Face/Touch ID or a PIN Code. This is a limitation we are working on. For the moment you need to work around this by:
- Go into the main Strongbox app, unlocking your database and then disabling Face/Touch ID and/or PIN Code.
- Return to Safari/Third Party App and tap on the "Key icon > Strongbox" instead of the QuickType "suggestion"
- Once you see your databases list, tap on the correct database and manually enter your credentials including setting the correct Virtual Hardware Key. This should unlock for you.
- Now that this is setup you can re-enable Face/Touch ID or PIN Code in the main app.