How to use KeeChallenge plugin?

[JRussell]

Your comparison documentation says that KP2A supports the KeeChallenge plugin. I've done some searching and for the life of me can't figure out how to add something like that. I'm trying to use a Yubikey 4 in challenge response mode to manage my database. I currently use KeepassXC on Windows but need an android solution for on the go. Can you point me in the right direction?

[PhilippC]

When I developed this, I used a Yubikey Neo (with NFC) and Keepass 2 on Windows.
Unfortunately this feature seems to be broken on more recent Android versions (>= 6 I think). Please refer to #4 for updates on this.

[PhilippC]

Sorry, looks like I am wrong regarding Yubichallenge. For databases created with the KeeChallenge plugin on Windows this still should work.
Here's what I did:

• Configure a Yubikey Neo with Challenge-Response on Slot 2
• Save a database using the Keechallenge plugin as a key provider
• Make sure that both the .kdbx and the corresponding .xml file are accessible on the Android device. (For my test, I placed them in a Dropbox folder and opened the .kdbx file using the built-in Dropbox support)
• Choose "Open Database" -> Dropbox -> browse to the kdbx file in Keepass2Android
• Click the "Load OTP-Aux file" button. You are prompted to install YubiChallenge. Do so.
• Click the Load OTP button again. YubiChallenge opens up, swipe your Yubikey NEO.
• Back on the password screen, the OTP-aux-button should be gone. Enter your master key and press Unlock button.
• You're in!

The button caption is obviously bullshit and should rather be "Do Challenge-Response". But apart from this, Keepass2Android seems still compatible with Keechallenge.
@JRussell could you please test if this works for you as well?

Note that I did not have any other Yubico app on the device.

Tested with Android 6 on a SGS5.

[Michsior14]

@PhilippC
Is there a possibility to make challenge-response from usb connected yubikey?

[iansebryk]

Hey. Not all Android devices support NFC, but they DO support USB. So how do we perform challenge-response via Yubikey Neo USB? This is pretty basic stuff...shouldn't be this difficult...

[piratenpanda]

I'd love to see this working with a Yubikey C that you just plug into your USB-C port for challenge response

[PhilippC]

@iansebryk @piratenpanda please try the beta 1.06b (https://play.google.com/apps/testing/keepass2android.keepass2android) and install ykDroid (https://play.google.com/store/apps/details?id=net.pp3345.ykdroid&hl=en). I haven't tested but it should work with Yubikey C as well.

[iansebryk]

this works beautifully. the beta fixed the issues. sorry for the long delay. work got in the way of the fun stuff. ;)

[mattwind]

* Make sure that both the .kdbx and the corresponding .xml file are accessible on the Android device. (For my test, I placed them in a Dropbox folder and opened the .kdbx file using the built-in Dropbox support)

How do you generate the xml file? I can't find any documentation on how this is made. Thanks

[piratenpanda]

Keepass with keechallenge should create this file for you when enabling this for your database

[mattwind]

Keepass with keechallenge should create this file for you when enabling this for your database

Thanks, I had to install the OtpKeyProv plugin for KeePass and that generated the xml file.