KeePass + iOS + YubiKey = KeePassium

Good news, everyone!

KeePassium is the first KeePass app for iOS that supports YubiKey.

YubiKey 5 NFC
YubiKey hardware security key

KeePassium adopts the challenge-response approach used by KeePassXC. Firstly, because their approach requires only the database itself — whereas KeeChallenge and OtpKeyProv rely on auxiliary files (which would complicate synchronization). Secondly, because KeePassXC is available on all major platforms as a native app.

For more details: How to use YubiKey with KeePassium/KeePassXC.

Demo of YubiKey support in KeePassium for iOS
YubiKey support in KeePassium

Requirements

YubiKey 5 NFC

  • An NFC-capable device (iPhone 7 or later)
  • iOS 13+

YubiKey 5Ci (upcoming)

  • Any iOS device with a Lightning port
  • iOS 11+

(The App Store release version of KeePassium does not yet support YubiKey 5Ci — this requires a special permission by Yubico and Apple. The registration process is expected to take a few weeks. In the meanwhile, YubiKey 5Ci support is fully available in the beta version.)

Limitations

Unfortunately, the AutoFill part is not allowed to communicate with hardware. This limitation is set by the system. As a result, YubiKey-protected databases can only be unlocked in the main app. We are exploring a possible workaround for this nuisance.