Yubico Forum
https://forum.yubico.com/

How do I get early (2.0.2) Yubikey to work with Keepass?
https://forum.yubico.com/viewtopic.php?f=16&t=2631
Page 1 of 1

Author:  Rcdadaptor [ Tue May 02, 2017 3:08 pm ]
Post subject:  How do I get early (2.0.2) Yubikey to work with Keepass?

Any clues how to get a non oath equipped yubikey (firmware 2.02) to work using keepass 2fa?

I can do it via Google authenticator and 'phone, but that is too clunky as it requires manually entering 6 digit codes to a minimum of three (up to six) boxes. I'd like to just press the key 3 (or 4,5,6) times. (Extra question - can a longer custom string than 8 be used to maintain strength with fewer entries? e.g. can a plug in be written that say accepts a single otp that is longer than the 6-8 oath spec?)

I have an old yubikey that is non oath equipped that owes me nothing, and I'd rather not spend $40-50 to get a yk4 just for this purpose.

Have looked everywhere, for plug ins libraries etc to use yubicloud instead but either I'm not phrasing the question correctly or it hasn't been done.

Could I write my own plug in, to validate a key to unlock the vault? I am using windows 10 x64, Keepass 2.35, and optkeyprov 2.5(for Gauth so far). I'm not a programmer but can follow clear instructions!

Thanks if there is anyone out there who knows!!

edit - revised title to seek answers (rather than suggest I have the answer!)

Author:  Morthawt [ Mon Oct 02, 2017 2:34 pm ]
Post subject:  Re: How do I get early (2.0.2) Yubikey to work with Keepass?

Rcdadaptor wrote:
Any clues how to get a non oath equipped yubikey (firmware 2.02) to work using keepass 2fa?

I can do it via Google authenticator and 'phone, but that is too clunky as it requires manually entering 6 digit codes to a minimum of three (up to six) boxes. I'd like to just press the key 3 (or 4,5,6) times. (Extra question - can a longer custom string than 8 be used to maintain strength with fewer entries? e.g. can a plug in be written that say accepts a single otp that is longer than the 6-8 oath spec?)

I have an old yubikey that is non oath equipped that owes me nothing, and I'd rather not spend $40-50 to get a yk4 just for this purpose.

Have looked everywhere, for plug ins libraries etc to use yubicloud instead but either I'm not phrasing the question correctly or it hasn't been done.

Could I write my own plug in, to validate a key to unlock the vault? I am using windows 10 x64, Keepass 2.35, and optkeyprov 2.5(for Gauth so far). I'm not a programmer but can follow clear instructions!

Thanks if there is anyone out there who knows!!

edit - revised title to seek answers (rather than suggest I have the answer!)


I have tested this one which uses the SHA1 challenge-response and it seems to work well, although I do not understand the purpose of why it needs to know the secret used on the Yubikey for the challenge because if it sends data to it, it should always get the right response. But I did not write the plugin so I am sure there is a reason why it needs it. I just hope that the secret is used/stored securely. https://brush701.github.io/keechallenge/

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/