KeePassXC
Instructions on setting up KeePassXC with your Yubikey.
Last updated
Was this helpful?
Instructions on setting up KeePassXC with your Yubikey.
Last updated
Was this helpful?
This tutorial requires one device of any in the following categories:
In order for KeePassXC to properly detect your Yubikey, you must setup one of your two OTP slots to use a Challenge Response.
Open Yubikey Manager, and select Applications -> OTP.
Next, select Long Touch (Slot 2) -> Configure
In the list of options, select Challenge Response.
You will then be asked to provide a Secret Key. You can either come up with your own, or click the Generate button if you wish to just use a random one.
At the bottom left is the option to Require Touch. Enabling this means that every time you save your database or open your database, your Yubikey will require that you touch it before it completes the action. This is optional.
Before you click Finish, ensure you write down the secret key you've generated. You must save that secret key if you want to set up multiple Yubikeys to open the same database. All Yubikeys must have the same challenge response programmed into Slot 2.
Once you have slot 2 on your Yubikey configured as a challenge response, open KeePassXC.
If creating a new database, create the database as you normally would and continue to click Next.
When you get to the screen titled Database Credentials, click the button Add Additional Protection ...
Scroll down until you see the Challenge Response -> Add Challenge Response:
Scroll down to Challenge Response and you should see a dropdown box that lists your Yubikey. Make sure your Yubikey is plugged in.
If you do not see your Yubikey, press Refresh.
From this point, you can finish setting up your database.
If you have an existing database you would like to add your Yubikey to, open your database with KeePassXC.
Once you are in, click Database at the top left, and select Database Settings.
Once the dialog box opens, on the left side select Security.
In the middle of the screen, click the button Add Challenge-Response.
It should then load your Yubikey:
If your Yubikey does not appear in the list, ensure it's plugged all the way in, and press the Refresh button.
Once you see your Yubikey in the list, make sure it's selected.
If you selected Require Touch when you first assigned a Challenge Response to slot 2 in the Yubikey Manager, you will be prompted with a notification each time you make a change to your KeePassXC database:
If you fail to touch your Yubikey within a certain number of seconds, your action will time out and changes will not be saved.
After it is selected, you can press
