KeePass + iOS + YubiKey = KeePassium

Good news, everyone!

KeePassium is the first KeePass app for iOS that supports YubiKey.

Yubikey 5 NFC
YubiKey hardware security key

KeePassium adopts the challenge-response approach used by KeePassXC. Firstly, because their approach requires only the database itself — whereas KeeChallenge and OtpKeyProv rely on auxiliary files (which would complicate synchronization). Secondly, because KeePassXC is available on all major platforms as a native app.

For more details: How to use YubiKey with KeePassium/KeePassXC.

Demo of YubiKey support in KeePassium for iOS
YubiKey support in KeePassium

Requirements

YubiKey 5 NFC

  • An NFC-capable device (iPhone 7 or later)
  • iOS 13+

YubiKey 5Ci

  • Any iOS device with a Lightning port
  • iOS 11+

(The App Store release version of KeePassium does not yet support YubiKey 5Ci — this requires a special permission by Yubico and Apple.)

Update: YubiKey 5Ci is now fully supported.

Limitations

Unfortunately, the AutoFill part is not allowed to communicate with hardware. This limitation is set by the system. As a result, YubiKey-protected databases can only be unlocked in the main app. We are exploring a possible workaround for this nuisance.

iPad limitations

  • iPad devices do not have NFC hardware and thus won’t work with NFC keys.
  • iPad Pro devices with USB-C port are unfortunately not supported. (iPadOS has only limited support for USB accessories and cannot communicate with YubiKey in challenge-response mode.)
  • iPad devices with the Lightning port are fully supported.