KeePass + iOS + YubiKey = KeePassium

30 January 2020

Good news, everyone!

KeePassium is the first KeePass app for iOS that supports YubiKey.

YubiKey 5 NFC — YubiKey hardware security key

KeePassium adopts the challenge-response approach used by KeePassXC. Firstly, because their approach requires only the database itself — whereas KeeChallenge and OtpKeyProv rely on auxiliary files (which would complicate synchronization). Secondly, because KeePassXC is available on all major platforms as a native app.

For more details: How to use YubiKey with KeePassium/KeePassXC.

Demo of YubiKey support in KeePassium for iOS — YubiKey support in KeePassium

Requirements

YubiKey 5 NFC

An NFC-capable device (iPhone 7 or later)
iOS 13+

YubiKey 5Ci (upcoming)

Any iOS device with a Lightning port
iOS 11+

(The App Store release version of KeePassium does not yet support YubiKey 5Ci — this requires a special permission by Yubico and Apple. The registration process is expected to take a few weeks. In the meanwhile, YubiKey 5Ci support is fully available in the beta version.)

Limitations

Unfortunately, the AutoFill part is not allowed to communicate with hardware. This limitation is set by the system. As a result, YubiKey-protected databases can only be unlocked in the main app. We are exploring a possible workaround for this nuisance.