keepass2android icon indicating copy to clipboard operation
keepass2android copied to clipboard

Published 20 hours ago verified publisher icon PhilippC

App fails to remember key type when using Yubikey and key file

Open RealOrangeOne opened this issue 4 years ago • 6 comments

When authenticating using a password, key file and YubiKey, the vault opens properly.

However, when the vault is locked, the type reverts back to either "Password only" or "Password + Key file".

This would be fine if simply changing type was all that's needed (or at least a bit less annoying), but changing type clears the configured key file, which when set to an internal file can't be retrieved.

It would be nice if the unlock mechanism was always remembered, and the key file potentially remembered when switching between types.

RealOrangeOne avatar Apr 12 '20 19:04 RealOrangeOne

Tried keyfile without challenge-response, works fine.

Tried challenge response without keyfile, works fine.

Not sure what's going on here!

RealOrangeOne avatar Apr 16 '20 20:04 RealOrangeOne

I am observing the exact same behavior / issue as RealOrangeOne when using my Yubikey.

The issue is that when you select "Password + key file + challenge response", and the Yubikey works however what seems to happen is that next time you go to login it has "forgotten" the password and key file that it otherwise always remembers if you just select "Password + Key file" or "Password" but and no hardware key (challenge response).

I have a suspicion this is due to the way the Yubikey is managed in the code where the Yubikey challenge-response is not to be stored. I think this is perhaps affecting the password and key file retention attribute also.

Please have a look - thank you.

Toucs avatar May 03 '20 10:05 Toucs

I can confirm exactly the same behaviour. I also do kindly request a solution :-)

gittehupe avatar May 25 '20 20:05 gittehupe

Just hit the same bug with challenge for keepassXC. It nearly render password + key file + challenge response unusable for now

Also, someone also experienced this in #1414

pfoo avatar May 11 '21 19:05 pfoo

Hi Philipp,

gerade habe ich bei meiner Frau Keepass2Android installiert und hoffte der Bug ist mittlerweile behoben. Wäre cool, wenn Du ein paar Minuten Zeit finden könntest. Kein Stress... aber es wäre schon ziemlich cool, da damit die Sicherheit sich auf drei Stellen verteilen ließe: Passwortdatei online bei Anbieter A, Keydatei online bei Anbieter B und Yubikey physikalisch vor Ort als Ergänzung zum einfachen Passwort.

Folgende Duplicates gibt es aus meiner Sicht mittlerweile:

  • https://github.com/PhilippC/keepass2android/issues/1277
  • https://github.com/PhilippC/keepass2android/issues/1414
  • https://github.com/PhilippC/keepass2android/issues/1654

Liebe Grüße Timo P.S. ich sponsere Dir auch gerne einen Kasten Kaltgetränk wenn das läuft ;-)

Tien1602 avatar Dec 29 '21 23:12 Tien1602

I confirm that this issue is still active as of July 2022. I also am grateful for your work with Keepass2Android and am happy to donate a beer ;)

dkoppstein avatar Jul 29 '22 22:07 dkoppstein