keepassxc
keepassxc copied to clipboard
keepassxreboot
Error when saving database, challenge-response prompt fails to find my yubikey, "Writing the database failed: Unable to calculate database key"
Overview
I get this error when saving my database. Writing the database failed: Unable to calculate database key: General: Could not find interface for hardware key with serial number <serialnumber>. Please connect it to continue. Despite the same yubikey used to unlock the db is connected. Issue goes away once I close the application and open the database again with the same key.
Steps to Reproduce
- Open db
- Make changes to the database
- Save database
Expected Behavior
Challenge-response prompt should recognize key.
Actual Behavior
Produces error: Writing the database failed: Unable to calculate database key: General: Could not find interface for hardware key with serial number <serialnumber>. Please connect it to continue.
Context
I've experienced this error about half a dozen times in the last two-ish weeks. Recently started making some changes to my db, keeping the db open for extended periods (over an hour), occasionally disconnecting yubikey (5 Nano) and connecting other yubikey (5 NFC, same challenge-response credentials used to unlock db) and onlykey (not used to unlock db). Database is stored locally on an external drive.
I had "automatically save after every change" disabled. Alternative saving method was enabled but I normally keep it off; after several failed save attempts, prompt asked me to disable safe saves which I allow (still didn't solve the problem), which I think enables this option and I forget to disable it later. I could be wrong.
Even when I'm not having this problem, the serial key of my yubikeys are never shown in such logs as dmesg, even though I enabled the relevant settings in the yubikey personalisation tool (button at startup, usb descriptor, api call).
As far as I know, there is no way to save my changes when this happens, so I lose them. Please advise if there is any possible way to save db even when this occurs, even saving to CSV as a worst-case scenario.
I believe this issue might be related: https://github.com/keepassxreboot/keepassxc/issues/7845#issue-1198951919
KeePassXC - Version 2.7.6 Revision: dd21def Downloaded from fedoraproject.org via dnf
Operating system: Fedora Linux 39 (Workstation Edition) CPU architecture: x86_64 Kernel: linux 6.6.8-200.fc39.x86_64 Desktop Env: Gnome 45.2 Windowing System: Wayland
You cannot swap yubikeys once the database it unlocked with a certain key. Doesn't matter if they are "the same" with a shared secret. Please confirm you are absolutely 100% using the same exact key when you see this error. Based on your description you are swapping keys, maybe even unknowingly.
You cannot swap yubikeys once the database it unlocked with a certain key. Doesn't matter if they are "the same" with a shared secret. Please confirm you are absolutely 100% using the same exact key when you see this error. Based on your description you are swapping keys, maybe even unknowingly.
I'm aware of this. I put the same key back in. To be sure, I used both keys. Neither of them are being recognized. I am 100% certain, I would bet my life on it. I only have two yubikeys, so it's not like I'm confusing them for others that are lying around.
I also put them in various USB ports. I normally use a usb hub; I put the same yubikey in the same hub, in the same usb port. I also put it in the usb port directly on the PC.
There isn't much I can say to this without replicating it myself. We have plenty of people using yubikeys without issue so this may unfortunately be an issue specific to your computer or Linux configuration.
There isn't much I can say to this without replicating it myself. We have plenty of people using yubikeys without issue so this may unfortunately be an issue specific to your computer or Linux configuration.
You said this exact same thing for #9375. I'm not doing anything weird on my computer. I don't think it would be appropriate to consider something non-reproducible if you don't actually try to reproduce it. This is actually a serious bug that prevents users from saving their progress, this ~~can~~ will lead to data loss.
If there's absolutely nothing you can do beyond attempting to reproduce my environment, I will see if I can identify the problem myself. Might take a while though.
That's the nature of software, especially on Linux. There are a lot of variables and oftentimes the issue is not with the program experiencing the symptoms.