
keechallenge's Introduction

Copyright 2014 Ben Rush

Changes

v1.5

  • Thanks to Robert Claypool for his numerous contributions to clean up and improve KeeChallenge
  • Migrated to Github from Sourceforge.
  • Changed recovery mode to better support variable length challenges.
  • MD5 Checksum: 80A7EADA1C86332B3F91B75E4E8317F0
  • SHA1 Checksum: 06C3B96ED674E5617F0DAFF5101E23EF95AFF71C

v1.4

  • Added support for variable length challenges. To use it, a new composite master key must be created.
  • MD5 Checksum: 7C2F5D8CCBE9549767CA15DE0FBF7383
  • SHA1 Checksum: BE00768E0279B9206A5A73A143B54AB77F29093A

v1.3

  • MD5 Checksum: 21112DB3FE7AD688FD0DEA4B3738F90A
  • SHA1 Checksum: D61CCAC053EFAF112D60D0C0DA4683638B8FE1F9
  • Added OSX support. Thanks to Markku Roponen for figuring this out!
  • Updated Yubico libraries to v1.16.2 to support Yubikey Neo firmware 3.3.0

v1.2

  • Bug fixes for dynamic 32/64 bit support
  • Added button for recovery mode and fixed a bug

v1.1

  • Changed release numbering scheme to major.minor
  • Added support for OpenURL function
  • Persisted slot choice
  • Provide support for 32 bit systems
  • Windows installs require XP SP1 or higher
  • Fixed null reference error on cancellation

v1.0.2

  • Added support for choosing Yubikey slot via Tools->KeeChallenge Settings. Default is slot 2
  • Added plugin update checking
  • Don't start the 15 second countdown until the Yubikey is inserted

v1.0.1

  • Updated KeeEntry.cs and YubiWrapper.cs to properly initialize and clean up the native Yubico libraries

Supported Platforms

As of v1.0.1 both Windows and Linux (Ubuntu) have been tested successfully. To run under Linux with Mono, edit KeeChallenge.dll.config and add a dllmap entry that tells Mono where the native library lives; on my system it reads <dllmap dll="libykpers-1-1.dll" target="libykpers-1.so" />. You must also obtain the matching versions of the Yubico libraries and install them where Mono can find them (for example, /usr/lib). Put both KeeChallenge.dll and KeeChallenge.dll.config in the KeePass2 folder (on Ubuntu this is /usr/lib/keepass2). The same technique works on OSX, but getting 32-bit Yubico libraries requires building from source; see the OSX Guide by Markku for detailed instructions.

Dependencies

KeeChallenge requires KeePass2, available from http://keepass.info/download.html. It also requires Yubico's open source yubikey-personalization library (ykpers, which in turn depends on yubico-c). Prebuilt bundled binaries are available from http://opensource.yubico.com/yubikey-personalization/releases.html.

Building

Open the top-level solution and adjust the references to point at your installed KeePass.exe; it should then build without problems. Check that the DllImport statements in YubiWrapper.cs match the file names of the Yubico binaries you obtained, otherwise the native calls fail at runtime rather than at build time.

Running

Copy KeeChallenge.dll and the "32bit" and "64bit" subdirectories (containing the Yubico libraries and their dependencies) into the directory containing KeePass.exe. The plugin then appears as a key provider when you create a database or change its master key.

Using

KeeChallenge uses the HMAC-SHA1 challenge-response function built into the Yubikey. First, program an HMAC-SHA1 challenge-response credential into slot 2 (the default; another slot can be selected under Tools->KeeChallenge Settings). Program the slot for a fixed 64-byte challenge unless you intend to use variable-length mode: the Yubikey formats variable-length challenges differently, so a slot programmed one way will not produce the right responses for a database set up the other way. Variable-length challenges are supported from v1.4 on and must be ticked when the composite master key is created. I recommend requiring a button press to issue the response, so that software on the host cannot obtain responses without you noticing, but it works either way. Record the 20-byte (40 hex character) secret and keep it somewhere safe: it is the only way to recover your database if you lose your Yubikey.

When you set the master key on your database, select Yubikey challenge-response under key providers and click OK. In the window that opens, paste the secret from your Yubikey. You will then be prompted to insert your Yubikey and press the button, which verifies that the secret you entered matches the one programmed into the slot.

Your secret is the key material this provider contributes to the database's composite master key. To avoid storing the secret in plain text, KeeChallenge generates a challenge-response pair ahead of time: the challenge is stored so it can be issued on the next login, and the response to it is used to key AES-256 encryption of the secret. After each successful login a new pair is generated and the secret re-encrypted. The challenge and the encrypted secret are stored in an XML file in the same directory as your database, and that file must accompany the database wherever it goes; a .kdbx copied, synced or saved under a new name without its XML file cannot be opened except through recovery mode.

If the XML file is corrupted, deleted or missing (or if you lose your Yubikey), a recovery mode lets you enter your secret (you did save it, didn't you?) and decrypt the database. Recovery needs nothing but the secret, which is why it should be kept offline and apart from the database.

KeeChallenge is not intended to be the sole means of authenticating yourself to KeePass. It offers no protection against theft of the key: if the Yubikey is your only key factor and somebody steals it, your database is compromised. Always use KeeChallenge together with a strong master password to mitigate this risk. This also lets you take advantage of KeePass' built-in key transformation rounds, which slow down brute-force attacks on the password.

Common Errors

Users occasionally report that KeeChallenge stops working after updating KeePass. The symptom is the warning "The following plugin is incompatible with the current KeePass version..." immediately after the update. It is caused by an out-of-date KeePass.exe.config in the KeePass install directory. The most reliable fix is a complete uninstall and reinstall of KeePass; alternatively, download the portable version of KeePass and copy its config file into your KeePass install directory.

A KeePass update can also reset the slot chosen under Tools->KeeChallenge Settings. If the Yubikey never blinks when you unlock and the prompt simply times out, check that setting before anything else (see the issue reports below).

keechallenge's People

Contributors

brush701, darkdragon-001, ropomen, silvenga


keechallenge's Issues

v1.5 is not working with Keepass 2.51.1

Hello,

I like this tool. Can you please update it so it is working with KeePass 2.51.1? It is working with 2.50 so I think it is not a big thing, hopefully.

Thanks,

Michael

KeeChallenge fails to find directories when on network share

KeeChallenge is unable to find the necessary 32 and 64 bit directories when installed on a network share. Can be fixed by making the following changes in YubiWrapper:

public static string AssemblyDirectory
{
    get
    {
        // CodeBase is a file:// URI. Uri.LocalPath keeps a UNC root (\\server\share\...)
        // intact, whereas UriBuilder.Path drops the server and share components.
        string codeBase = System.Reflection.Assembly.GetExecutingAssembly().CodeBase;
        Uri uri = new Uri(codeBase);
        string path = Uri.UnescapeDataString(uri.LocalPath);
        return Path.GetDirectoryName(path); // requires "using System;" and "using System.IO;"
    }
}

Original code uses UriBuilder and its Path member which truncates the root of the network share.

Missing method Take in assembly /usr/lib/keepass2/Plugins/KeeChallenge.dll

Hello,

I get the following error :
-----------%<-------------------------------------
Missing method Take in assembly /usr/lib/keepass2/Plugins/KeeChallenge.dll, type System.Linq.Enumerable
System.IO.FileNotFoundException: Could not load file or assembly 'System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' or one of its dependencies.
File name: 'System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
at KeeChallenge.KeyCreation.OnClosing (System.Object o, System.Windows.Forms.FormClosingEventArgs e) [0x00000] in :0
at System.Windows.Forms.Form.OnFormClosing (System.Windows.Forms.FormClosingEventArgs e) [0x00000] in :0
at System.Windows.Forms.Form.FireClosingEvents (CloseReason reason, Boolean cancel) [0x00000] in :0
at System.Windows.Forms.Form.RaiseCloseEvents (Boolean last_check, Boolean cancel) [0x00000] in :0
at System.Windows.Forms.Form.set_DialogResult (DialogResult value) [0x00000] in :0
at (wrapper remoting-invoke-with-check) System.Windows.Forms.Form:set_DialogResult (System.Windows.Forms.DialogResult)
at System.Windows.Forms.Button.OnClick (System.EventArgs e) [0x00000] in :0
at System.Windows.Forms.ButtonBase.OnMouseUp (System.Windows.Forms.MouseEventArgs mevent) [0x00000] in :0
at System.Windows.Forms.Button.OnMouseUp (System.Windows.Forms.MouseEventArgs mevent) [0x00000] in :0
at System.Windows.Forms.Control.WmLButtonUp (System.Windows.Forms.Message& m) [0x00000] in :0
at System.Windows.Forms.Control.WndProc (System.Windows.Forms.Message& m) [0x00000] in :0
at System.Windows.Forms.ButtonBase.WndProc (System.Windows.Forms.Message& m) [0x00000] in :0
at System.Windows.Forms.Button.WndProc (System.Windows.Forms.Message& m) [0x00000] in :0
at System.Windows.Forms.Control+ControlWindowTarget.OnMessage (System.Windows.Forms.Message& m) [0x00000] in :0
at System.Windows.Forms.Control+ControlNativeWindow.WndProc (System.Windows.Forms.Message& m) [0x00000] in :0
at System.Windows.Forms.NativeWindow.WndProc (IntPtr hWnd, Msg msg, IntPtr wParam, IntPtr lParam) [0x00000] in :0
Missing method Take in assembly /usr/lib/keepass2/Plugins/KeeChallenge.dll, type System.Linq.Enumerable
-----------%<-------------------------------------

$ lsb_release -a
Distributor ID: Debian
Description: Debian GNU/Linux 8.10 (jessie)
Release: 8.10
Codename: jessie

Product: Yubikey 4 OTP+U2F+CCID
idVendor 0x1050 Yubico.com
idProduct 0x0407

How can I fix it?

Thank you for your help.

memoefix

No UI signal if yubikey is configured to require a button press

Setup: program the key with "Require user input (button press)" option
Whenever opening or saving the DB, the program just hangs until user presses a button on the yubikey.

The UI should pop up something like "Please press the button on yubikey to continue"

HMAC-SHA256

Even though HMAC-SHA1 is still considered secure after the revelation of major flaws in the collision handling in SHA1 itself, it may be appropriate to start supporting the usage of newer algorithms like HMAC-SHA256.
That would be according to the advice to "walk away" from HMAC-SHA1 and to have an answer in case new problems with HMAC-SHA1 occur, without having to hastily fix things.

Dependency problem in Ubuntu 14.04

When trying to get keechallenge v1.2 to run in Ubuntu 14.04, I got the following error message when creating a new database:

Could not load file or assembly 'System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' or one of its dependencies. The system cannot find the file specified.

This message was not very helpful, so I tried running from CLI:

$ mono ~/KeePass/KeePass.exe
The assembly mscorlib.dll was not found or could not be loaded.
It should have been installed in the `/usr/lib/mono/2.0/mscorlib.dll' directory.

This gave me a more specific pointer as to what file was missing, and some searching quickly presented a solution, which was to install the complete mono package:

$ sudo apt-get install mono-complete

Which resolved the problem. Maybe you could add this to the FAQ?

Broken link to Yubico prebuilt binaries

KeeChallenge requires KeePass2, available from http://keepass.info/download.html. It also requires the Yubico open source library yubico-personalization (which in turn depends on yubico-c). Prebuilt bundled binaries are available from http://opensource.yubico.com/yubikey-personalization/releases.html.

http://opensource.yubico.com/yubikey-personalization/releases.html redirects to https://developers.yubico.com/yubikey-personalization/releases.html which results in a 404 error

Keepass can't remove challenge-response

Hi,
I am unable to remove the challenge-response (changing the Main Key did not help).

I would like to move to KeepassXC; for this reason I need to remove the yubikey.

regards
Sascha

secure database with all 3 of password+keyfile+keechallenge? keepass seems either keyfile OR keechallenge, thx.

Hi~

I am using win10+Android, with keepass 2.47, and keepass2android.
the database created in keepass will be copied manual to gdrive, and read-only in keepass2android.

I am with a yubikey 5 NFC.

I am a newbie but in keepass I saw master key consist of

  1. password and
  2. keyfile OR keechallenge but not both


yet in keepass2android (most update version) there is option for password+keyfile+challenge-response for keepassXC
which means all THREE.

It will be good if on both system, I can use pwd+keyfile+challenge-response.

Could I do that on desktop with keepass + kee challenge?

thanks

Enquiry: Regarding YubiKey 5C NFC

Hi Brush701,

I stumbled upon this good plugin here and, since I just got my Yubikey 5C NFC and am wondering if I can use it as a 2FA method for my kdbx, I decided to give it a test even though it's the newest key in the 5 Series family.

It works so far, although I have a question, because I had to tick "Variable Length Challenge" to make the secret key work, yet your instructions under "Running" section says:

"Ensure that the challenge is set to fixed 64 byte (the Yubikey does some odd formatting games when a variable length is used, so that's unsupported at the moment)"

And the Yubikey Manager's (Not the Personalization Tool, which, as far as I know, is no more. I am a very new hardware key user for only a few weeks transitioning as much as possible from TOTP) Challenge-Response settings only gives me 40 characters (20 bytes) hex value.

Just wondering will it give me issues in the future? I have been able to login to my database a few times so far. Thank you.

Improve security with rolling Challenge-Response, HMAC into Scrypt function

Considering a brute force threat model I would advise the following changes:

  • Do not store the symmetric key, ever.
  • Use the output of the CR from the YubiKey into a DK = scrypt(Passphrase,Salt,N,p,dkLen); Use the user's password as passphrase and the CR output in Salt. If you use PBKDF2 use a high value for rounds.
  • Save the new challenge, re-encrypt and save the password database

Unable to connect to Yubikey

I recently updated Keepass2 to 2.35 and now I'm getting the error "Unable to connect to Yubikey" when trying to unlock my database.

I'm using Keepass2 v2.35 on Ubuntu 16.10 and keechallenge 1.5.0.

I think the problem might be similar to the one described here:
#20

but I am unable to start KeePass2 as root as it won't start using sudo or gksu.

Keechallenge unable to use slot 1 and 2 simultaneously on dual instances of KeePass

When running two instances of KeePass (e.g. two dbs opened at the same time), and one instance is configured to use KeeChallenge slot 1 and the other instance of KeePass is using slot 2, KeeChallenge keeps picking the slot that is last saved. In other words, Keechallenge only works on one of the KeePass instance and not the other.

Error getting response from yubikey

Hi
I have the following issue:
usb-stick with keepass2.41 portable + keechallenge plugin
HMAC SHA1 on slot 1 (Fixed 64 byte input and require user input)
yubikey 5 NFC
keepass.kdbx with masterkey and keyfile: "Yubikey challenge-response"

PC1 win10 1809:
insert usb stick --> open keepass.kdbx --> enter masterkey --> press yubikey --> keepass.kdbx opened

PC2 win10 1803:
insert same usb-stick --> open keepass.kdbx --> enter masterkey --> Error "Error getting response from yubikey" --> can not open keepass.kdbx

On PC2:
I try ykchalresp -1 -t and get an response
I try yubico demo auth website --> everything works

Can you help me to solve the issue?

Is KeeChallenge still supported?

Hi,

First of all, thanks for this great tool.
I agree it is not necessary to modify it if it is not broken, but I am still wondering if Brian is still supporting the product, as I can see that the last commit was a while ago.

Thanks,

David

Plugin suddenly incompatible after reboot.

Out of the blue, I'm now getting this error:

https://drive.google.com/file/d/1QMSyDvX-qy2K8VeAxlihtPgMWH56xhZE/view?usp=sharing

I haven't updated, haven't changed anything, just rebooted. I've ripped it out and reinstalled, tried the portable version, downloaded the new plugin, tried the plugin from backup... nada. WTF. I'm locked out from the desktop and unhappy. I could understand if an update had happened, but those are always manual. What is going on here? How do I fix this, like RFN?

Making a copy, XML file issue

If you save a copy of your DB as another file, the plugin will fail to open the new DB since it has no associated XML file.

Add support for OnlyKey

Hi,

We recently implemented HMAC SHA1 in OnlyKey, it is fully compatible with Yubikey's HMAC SHA1 challenge and response. We have integrated support with KeePassXC keepassxreboot/keepassxc#3352 and are looking to integrate with other projects as well. The only change required is to allow OnlyKey's USB VID/PID to be used in addition to the already allowed Yubikey USB VID/PIDs. Would you be willing to add support for OnlyKey?

Thanks!

Less secure because of XML file?

I noticed when setting up keechallenge that it requires the yubi HMAC-SHA1 secret. I originally thought that was just for setup. But it looks like it's stored (encrypted) in an XML file. From what I can tell it's decrypted and loaded into memory. Thus increasing the chance that an attacker will be able to read the key.

Additionally the secret is encrypted with the users master password (I think) which is likely to have MUCH less entropy than the secret itself (160 random bits). So basically the strong secret is encrypted with a (probably) much less secure password.

What is the benefit of keechallenge keeping the secret around? Isn't the entire point of the yubi key to keep the secret somewhere completely offline/unavailable to an attacker?

Wouldn't it be much more secure to just send the yubi key a hash of the masterseed+password+keyfile (if used), and then encrypt the keepass database with the result of the yubikey's HMAC-SHA1? That way the secret is never on your computer (after the yubi key is initialized).

Is there some benefit to the XML file and keeping the secret around?

Suggestion for another Common Error

As @mrclschstr already posted in #38 (comment)

KeeChallenge v1.5 works fine for me with KeePass v2.41. With KeePass v2.42 and v2.42.1 I have issues unlocking my database, because my Yubikey does not blink and "offer" the key press. The unlocking simply runs into a timeout.

EDIT: The KeePass update reset my slot in the KeeChallenge Settings dialogue. Setting up the correct slot fixed that for me!

I'd suggest to add this solution to the Common Errors section in the readme.

It really helped me with updating from Keepass 2.44 to 2.45 and this solution was hard to find.

Clarify documentation for 'The following plugin is incompatible' error

The README says,

Users occasionally report that KeeChallenge does not work with a new version of KeePass. This occurs immediately after an update to KeePass and is easily identified by the warning message: "The following plugin is incompatible with the current KeePass version...". This error is caused by an out of date version of the file KeePass.exe.config, which lives in the KeePass install directory.

This is exactly what I get when building KeeChallenge.dll from source (using VS 2013 Update 4). Do you know what triggers the message within KeePass 2.29? I can see that KeePass.Plugins.PluginManager is catching a BadImageFormatException, but I don't know what about my built-from-source DLL is triggering that.

Alternatively, a guide on how to build from source (any gotchas?) would probably get me past this problem. Thank you.

(Ubuntu 19.04) Getting "error connecting to yubikey!" when attempting to open Database

Able to access this database on a W10 build 1909 + Android 8 device, but can't open it on my install. Currently using mono to run.

Have yet to test if there's any difference in the end result by using Wine.

To be clear: not seeing any sort of acknowledgement or response from my Yubikey. I can use it in Firefox to authenticate using FIDO/U2F but otherwise I cannot use it in Keepass2.

KeePass 2.45: re-install no solution for the "incompatible version" bug

Hi,

As the title says, I'm using KeePass version 2.45. After working flawlessly for a couple of days, suddenly I got the error message "The following plugin is incompatible with the current KeePass version..." on startup and wasn't able to log in to my Yubikey-encrypted database any more.

I tried to reinstall KeePass after deinstalling and cleaning all related folders - to no effect. Neither worked installing the portable version instead of the regular.

Are there any other approaches to solve this I could try?

Thanks in advance for your help!
Best regards!

Clarification of changing the challenge

This isn't really an issue, more a question for clarification...

As I understand it, whenever the database opens, KeeChallenge creates a new challenge and a new block of data which is the secret key encrypted with the expected response. Then it writes both of those into the updated XML file.

My question is: Why does it bother to do this?

I have found that using an earlier XML file with later version of the same database still allows me to open the database. So updating the XML file doesn't seem to add extra security. In fact, it might reduce security, because if an attacker collects several XML files - which all encrypt the same secret in different ways - they have more information about the encrypted secret and hence more leverage to attack it.

I realise I'm likely to be wrong. But I would welcome the explanation for the record.

(And in the unlikely event I'm right my reported issue would be a feature request: don't bother re-encrypting the secret each time, so as to increase security!)

Thanks for making the user-friendly KeeChallenge.

Error with Win11 Does not start any more.

When trying to start Keepass 2.50 with KeeChallenge_1.5, an error is shown. The DLL can't be used any more and so the Keepass file can't be opened any more (17.03.2022). Windows 11 Version 21H2 (Build 22000.556)
Last installed on 15.03.2022: "2022-03 .NET 5.0.15 Security Update for x64 Client (KB5012416)"
Yesterday it still worked.


Problem moving/storing files (Ubuntu 18.04 / KeePass2Android)

Hi,

I try to use KeeChallenge with a Yubikey on Linux and Android. When I create a database on Linux the KDBX file and an XML file are created. I can reopen it with the Yubikey on Linux without a problem as long as I do not copy or move the files. I'm only able to open the files when they are stored in their initial location. When I, e.g., copy it to another folder and try to open it, the Yubikey gets queried and then I get the message:

Failed to load the specified file!
The composite key is invalid!
Make sure the composite key is correct and try again.

The same happens when I try to sync the files via NextCloud or try to store it by WebDav, as I have done for many years without KeeChallenge. Keepass2Android is also not able to open the database. I can load the XML file and the Yubikey gets queried. But then Keepass2Android tells me the same as KeePass on Linux.

I use the latest versions of all mentioned software.

Is this a bug or what am I doing wrong?

I would prefer to use WebDav with KeePass and KeeChallenge in the future, as I used to without KeeChallenge, if possible.

I've seen this: #18 My Files are 1:1 copies so the filenames did not change. The KDBX and XML share the same basename.

TIA
Matthias

Invalid composite Key when opening under Ubuntu 18.04.

I installed keepass2 and added the plugin under Ubuntu 18.04. and want to open a database with the Yubikey Neo which was created and is still working under Windows 10 (sync with Nextcloud). I receive the error "invalid composite key" when opening. Don't know why. What could be the issue? Keyboard layout is correct etc.

KeePass issue with Yubikey Neo VS. Yubikey 4 - admin privilege

Hey guys,

I am referring to another thread because my issue started there and led me here: https://sourceforge.net/p/keepass/discussion/329221/thread/0a4cf5da/

I will try to briefly explain what happened.
A few days ago, while I was updating KeePass to the last version,
I saw that I can use KeePass even without any admin rights
while I used Yubikey 4 for the Challenge Response 2FA.
I tried with and without admin privilege and everything worked fine.
I then tried opening my database using the Yubikey Neo without any admin privilege.
I was able to insert my Master password, but as soon as I tried to go to the next step for my 2FA it said: "YubiPromt: unable to connect to Yubikey".
I used my admin privilege again and it worked fine with the Yubikey Neo key.

Is this a well known common issue or am I just making some major error while using your plugin?

Thank you very much in advance for your help.

Best regards,
PitchBendStretch

KeeChallenge assumes Yubikey slot 2

Context

  • Operating system: GNU/Linux.
  • Terminal shell: Bourne Again Shell (BASH).
  • KeePass 2.28
  • KeeChallenge v1.5
  • KeeChallenge installation instructions followed (i.e. <dllmap dll="libykpers-1-1.dll" target="libykpers-1.so" /> added to KeeChallenge.dll.config, etc).

Steps to reproduce (don't use these settings for production!)

First, clear both slots of your Yubikey

Warning: this will delete your existing configurations from Yubikey slots 1 and 2. Be sure this will not cause you problems before proceeding!

$ ykpersonalize -z1
Firmware version 3.3.0 Touch level 1281 Program sequence 7

Configuration in slot 1 will be deleted

Commit? (y/n) [n]: y
$ ykpersonalize -z2
Firmware version 3.3.0 Touch level 1283 Program sequence 6

Configuration in slot 2 will be deleted

Commit? (y/n) [n]: y

Second, generate a private key comprising 40 hexadecimal characters

$ dd if=/dev/random bs=1k count=1 | sha1sum
0+1 records in
0+1 records out
115 bytes (115 B) copied, 0.000230895 s, 498 kB/s
2f04d1919aa85317ae6684b5c282d2d62fe8c08e  -

The private key is therefore 2f04d1919aa85317ae6684b5c282d2d62fe8c08e.

Third, a demonstration that KeeChallenge fails if using slot 1

Configure slot 1 with the private key generated earlier. Enter this into Terminal:

$ ykpersonalize -1 -ochal-resp -ochal-hmac -ochal-btn-trig -a

That should produce a prompt similar to the following, asking for a private key:

Firmware version 3.3.0 Touch level 1282 Program sequence 5

 HMAC key, 20 bytes (40 characters hex) :

Paste in the private key you generated earlier, and press Enter. That should result in the following message:

Configuration data to be written to key configuration 1:

fixed: m:
uid: n/a
key: h:2f04d1919aa85317ae6684b5c282d2d62fe8c08e
acc_code: h:000000000000
OATH IMF: h:0
ticket_flags: CHAL_RESP
config_flags: CHAL_HMAC|CHAL_BTN_TRIG
extended_flags: 

Commit? (y/n) [n]:

To confirm that you want to commit that new configuration to slot 1, press the y key and then the Enter key.

Then in Keepass2:

File > Change Master Key...

Check Key file / provider: and select Yubikey challenge-response from drop-down. OK.

(If queried whether you're sure if you want to use an empty master password, press Yes.)

In Enter Your Yubikey Challenge-Response Secret Key: enter

2f04d1919aa85317ae6684b5c282d2d62fe8c08e

Leave Variable Length Challenge? box unchecked.

Press OK.

Countdown window pops up with title KeyEntry and text Please press the button on your Yubikey.

Problem:

Almost immediately afterwards, and apparently regardless of whether the Yubikey button has been pressed, an error window pops up with the title Error and the text Error getting response from yubikey.

Pressing the OK button on the error window results in the countdown and error windows disappearing and being replaced with an untitled window containing the text Unable to get response from yubikey.

Pressing the OK button on the untitled window causes the untitled window to disappear, leaving the user back at the start of the problem.

Fourth, a demonstration that all is well if using slot 2

Configure slot 2 with the private key generated earlier, essentially as per slot 1 earlier but using a -2 flag instead of a -1 flag in the initial command. In summary:

$ ykpersonalize -2 -ochal-resp -ochal-hmac -ochal-btn-trig -a
Firmware version 3.3.0 Touch level 1282 Program sequence 4

 HMAC key, 20 bytes (40 characters hex) : 2f04d1919aa85317ae6684b5c282d2d62fe8c08e
Configuration data to be written to key configuration 2:

fixed: m:
uid: n/a
key: h:2f04d1919aa85317ae6684b5c282d2d62fe8c08e
acc_code: h:000000000000
OATH IMF: h:0
ticket_flags: CHAL_RESP
config_flags: CHAL_HMAC|CHAL_BTN_TRIG
extended_flags: 

Commit? (y/n) [n]: y

Then follow the Keepass2 steps as above, stopping just short of the Problem.

Press the button on the Yubikey.

Almost immediately, all the open subsidiary windows close and are replaced with a success window titled KeePass - Key Changed with the text Composite master key has been changed! Save the database now in order to get the new key applied.

Recommendations

A viable workaround for users who can use slot 2 with KeeChallenge is simply to use slot 2 for KeeChallenge.

However, KeeChallenge should either allow the user to select which slot to use, or should at least notify the user that it expects slot 2 to be used.

That will avoid a situation arising wherein a user tries to use slot 1 with KeeChallenge, fails without helpful feedback, and simply gives up on KeeChallenge.

Not working with version 2.47

Please update, so it can be used with v2.47 of KeePass. Got trouble with other plugins, KeePass have to be updated. Can't access my database.

Google reports KeeChallenge ZIP file download as phishing site.

I see no option to contact the author (brush701) directly. Today I tried to download the KeeChallenge ZIP file from its main page: http://brush701.github.io/keechallenge. Google Safe Browsing reported a phishing attempt:


There was an attempt to redirect the browser to URL:
https: // github-production-release-asset-2e65be.s3.amazonaws.com/36414 ... ... disposition=attachment%3B%20filename%3DKeeChallenge_1.5.zip&response-content-type=application%2Foctet-stream

Why does this need to know the private key for challenge-response?

Why on earth does it need this? If you send the Yubikey data, you get a result. I have a different variant of Keepass and it has built in Yubikey c/r feature. It does not require the private key.

In my imagination, I imagine the user enters a password, the program salt-hashes it and passes that to the Yubikey and gets the response and adds that to the salted hash, then salt hash all of that and use that for the encryption key. No secret key of the Yubikey needed. But yours asks for the secret and makes me feel uneasy using it. Can this be explained so that I understand it, or it be changed to not require the private key? The private key is not always accessible after the fact when you are already using your Yubikey all over the place. Nothing else I have used needs to know the key.

"Padding is invalid and cannot be removed" with NEO 3.4.9

Hi,

gigi@adam:~/Keepass-sources$ uname -a
Linux adam.gigi.edu 4.4.0-104-generic #127-Ubuntu SMP Mon Dec 11 12:16:42 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

I try to use a second Yubikey NEO with my keepass 2.37 database and KeeChallenge.
The NEO was programmed with the right secret on slot 2 (Challenge / Response + button touch), then both slots were switched.
When I try to open the database with the new configured NEO, Keepass output error message "Padding is invalid and cannot be removed".
I can make it work if I change the master password, keeping the same secret AND checking "Variable length challenge", BUT in this case my old NEO cannot unlock the database anymore!

I assume something changed in NEO firmware between 3.4.6 and 3.4.9 in the management of the secret vs. the key challenge vs. KeeChallenge (padding or length management), and that makes these two firmware levels incompatible with each other regarding HMAC-SHA1 challenge-response with KeeChallenge...
Are you aware of that issue?

Thanks.

Error connecting to yubikey

Plugin can't connect to my yubikey 4 ("Error connecting to yubikey!" box appears). I have HMAC SHA1 on slot 2 (Fixed 64 byte input and require user input).
Yubikey firmware version: 4.3.4.
Keepass version: 2.36
OS: Windows 10 Creator's update

Thank you very much in advance for your help.

Question about the shared secret

If I read the explanations correctly, KeeChallenge does this with the secret:

S = AESdec(ciphertext = Se, key = HMAC(message = C, key = S))
Se = AESenc(plaintext = S, key = HMAC(message = C, key = S))
where:

  • S is the shared secret
  • Se is the encrypted shared secret
  • C is the challenge

Se and C are stored in the XML file
S is stored in the yubikey, it is also a key that protects the password database.

However, HMAC is usually used to verify authentication and data integrity of a message, not to generate an encryption key.

Is there proof that it is secure to use the HMAC result as an AES-key to protect the secret, to store the challenge and the encrypted secret in an XML file and to use the secret also as the key to the password database?
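The construction that the three posts above circle around (why the plugin asks for the secret, why a second token can produce "Padding is invalid and cannot be removed", and whether an HMAC output is a sound wrapping key) is easiest to reason about in code. The following is an added example written for this page, not KeeChallenge's own code; it implements the scheme exactly as the post above writes it (Se = AESenc(S, key = HMAC(C, S))). Everything beyond that notation is this example's assumption: the key-file layout, stretching the 20-byte HMAC-SHA1 response to a 32-byte AES-256 key with one SHA-256, a SHA-256 digest of S for verification, and rotating the challenge after every successful unlock. Two things it makes concrete: S is needed only when the file is created, because S is the plaintext being wrapped (a normal unlock needs just the token's response to the stored challenge), and a token that MACs anything different, be it another secret, other challenge bytes or a different challenge-length setting, derives a different AES key, so CBC decryption produces garbage whose trailing block almost never carries valid PKCS#7 padding, which is precisely the condition .NET reports with that message.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KeyFile models the XML kept next to the .kdbx. The layout is this example's
// assumption, not KeeChallenge's real file format.
type KeyFile struct {
	Challenge []byte // C, stored in the clear; replaced after every successful unlock
	IV        []byte // CBC IV for Se
	Encrypted []byte // Se = AES-256-CBC(S, key = kdf(HMAC-SHA1(key = S, msg = C)))
	Verify    []byte // SHA-256(S): tells a wrong response apart from a damaged file
}

// HmacSha1Response is what a YubiKey HMAC-SHA1 slot computes; the host never sees S.
func HmacSha1Response(secret, challenge []byte) []byte {
	m := hmac.New(sha1.New, secret)
	m.Write(challenge)
	return m.Sum(nil)
}

// kdf stretches the 20-byte response to an AES-256 key (assumption: one SHA-256).
func kdf(response []byte) []byte {
	k := sha256.Sum256(response)
	return k[:]
}

func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("padding is invalid and cannot be removed") // the .NET wording
	}
	return b[:len(b)-n], nil
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	rand.Read(b) // crypto/rand; documented never to fail on supported platforms since Go 1.24
	return b
}

// Enroll wraps S under the key the token derives from challenge. This is the one
// step that needs S in the clear, which is why setup and recovery mode ask for it.
func Enroll(secret, challenge []byte) *KeyFile {
	iv := randomBytes(aes.BlockSize)
	block, _ := aes.NewCipher(kdf(HmacSha1Response(secret, challenge))) // 32-byte key, cannot fail
	pt := pkcs7Pad(secret)
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	v := sha256.Sum256(secret)
	return &KeyFile{Challenge: challenge, IV: iv, Encrypted: ct, Verify: v[:]}
}

// Unlock needs only the token's response to kf.Challenge, never S. It returns S
// (the key-provider output) and the file re-wrapped under a fresh challenge.
func Unlock(kf *KeyFile, response []byte) ([]byte, *KeyFile, error) {
	if len(kf.IV) != aes.BlockSize || len(kf.Encrypted) == 0 || len(kf.Encrypted)%aes.BlockSize != 0 {
		return nil, nil, errors.New("key file is corrupt")
	}
	block, _ := aes.NewCipher(kdf(response))
	pt := make([]byte, len(kf.Encrypted))
	cipher.NewCBCDecrypter(block, kf.IV).CryptBlocks(pt, kf.Encrypted)
	s, err := pkcs7Unpad(pt)
	if err != nil {
		// A token that MACs something else (other secret, other challenge bytes,
		// other challenge-length handling) lands here: the wrong AES key turns
		// the last block into garbage that almost never carries valid padding.
		return nil, nil, err
	}
	if v := sha256.Sum256(s); !hmac.Equal(v[:], kf.Verify) {
		return nil, nil, errors.New("wrong response") // ~1 in 256 wrong keys survive the padding check
	}
	return s, Enroll(s, randomBytes(len(kf.Challenge))), nil
}

func main() {
	secret := randomBytes(20) // constructed stand-in for the HMAC-SHA1 key programmed into slot 2
	kf := Enroll(secret, randomBytes(64))
	s, kf2, err := Unlock(kf, HmacSha1Response(secret, kf.Challenge))
	fmt.Println("unlocked:", bytes.Equal(s, secret), err, "| challenge rotated:", !bytes.Equal(kf.Challenge, kf2.Challenge))
	_, _, err = Unlock(kf, HmacSha1Response(randomBytes(20), kf.Challenge)) // a second token with another secret
	fmt.Println("other token:", err)
}
```

On the soundness question: under the usual assumption that HMAC-SHA1 is a PRF, the response is indistinguishable from random to anyone who does not hold S, so using it (or a hash of it) as a wrapping key is not in itself the weak point; the strength is bounded by the entropy of S, at most 160 bits for a 20-byte slot secret. The practical caveats of the scheme as written are elsewhere: the file is not authenticated (a plain CBC ciphertext with a separate digest is doing the job an AEAD should do), and because the stored challenge changes after each unlock, the key file must stay in sync with the database, which is why a stale or mangled XML sends the plugin to recovery mode.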

Support FIDO2

Hello 👋
I've bought a Nitrokey, it supports the FIDO2 standard and 2FA. Is there a way to protect my KeePass databases with it?

Can't open database on Ubuntu

I've tried installing KeeChallenge on Ubuntu 18.04 using the instructions provided in the readme and in this blog post. I've also tried quite a few variations, all with the same result. However, whenever I try to open my database I get the message Error: File .../Personal.xml could not be read correctly. Is the file corrupt? Reverting to recovery mode. I've previously only opened the database with KeePass 2 on Windows and Keepass2Android on Android.


My KeeChallenge.dll.config is:

<?xml version="1.0"?>
<configuration>
<dllmap dll="libykpers-1-1.dll" target="libykpers-1.so.1" />
<dllmap dll="libyubikey-0.dll" target="libyubikey.so.0" />
<dllmap dll="libjson-c-2.dll" target="libjson-c.so.2" />
<dllmap dll="libjson-0.dll" target="libjson.so.0" />
</configuration>

I've installed mono-complete and made sure that all of these object files are in /usr/lib. Any ideas?
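A quick way to confirm that every dllmap entry in a config like the one in this post actually resolves, as an added diagnostic written for this page (not part of KeeChallenge or of the post): it parses the dllmap elements out of KeeChallenge.dll.config and checks each target against a list of directories you supply. It is deliberately a simplification: Mono also honours LD_LIBRARY_PATH and the ldconfig cache, and a file being present says nothing about whether it matches the bitness of the Mono process, which is a separate thing to check when the plugin still fails.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// DllMap is one <dllmap> element of a Mono *.dll.config file.
type DllMap struct {
	Dll    string `xml:"dll,attr"`    // name the managed code P/Invokes
	Target string `xml:"target,attr"` // native library Mono should load instead
}

type dllConfig struct {
	XMLName xml.Name `xml:"configuration"`
	Maps    []DllMap `xml:"dllmap"`
}

// ParseDllMaps extracts the dllmap entries from the text of KeeChallenge.dll.config.
func ParseDllMaps(body string) ([]DllMap, error) {
	var c dllConfig
	if err := xml.Unmarshal([]byte(body), &c); err != nil {
		return nil, err
	}
	return c.Maps, nil
}

// CheckDllMaps resolves each target against dirs, in order, and returns the
// resolved path per Windows DLL name plus the targets found nowhere.
// Simplification: Mono also honours LD_LIBRARY_PATH and the ldconfig cache,
// and presence says nothing about the library matching the process bitness.
func CheckDllMaps(maps []DllMap, dirs []string) (found map[string]string, missing []string) {
	found = map[string]string{}
	for _, m := range maps {
		resolved := ""
		for _, d := range dirs {
			p := filepath.Join(d, m.Target)
			if st, err := os.Stat(p); err == nil && !st.IsDir() {
				resolved = p
				break
			}
		}
		if resolved == "" {
			missing = append(missing, m.Target)
			continue
		}
		found[m.Dll] = resolved
	}
	return found, missing
}

func main() {
	body, err := os.ReadFile("KeeChallenge.dll.config")
	if err != nil {
		fmt.Println("cannot read config:", err)
		os.Exit(2)
	}
	maps, err := ParseDllMaps(string(body))
	if err != nil {
		fmt.Println("config is not well-formed XML:", err)
		os.Exit(2)
	}
	// Assumed search list; add whatever directory you copied the Yubico libraries into.
	found, missing := CheckDllMaps(maps, []string{"/usr/lib", "/usr/lib/x86_64-linux-gnu", "/usr/local/lib"})
	for dll, p := range found {
		fmt.Printf("%-20s -> %s\n", dll, p)
	}
	if len(missing) > 0 {
		fmt.Println("not found in any search directory:", strings.Join(missing, ", "))
		os.Exit(1)
	}
}
```

Run it from the directory holding KeeChallenge.dll.config; a non-zero exit with a "not found" line names the exact .so that Mono will fail to map, which is the case the plugin otherwise reports only as a generic load error.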

Cannot open file created in KeePassXC

Hi there,

I have an issue with opening database created in KeePassX and upgraded to OTP secret in KeePassXC.

This is my KeePass installation directory tree:

PS C:\Program Files\KeePass Password Safe 2> tree /f
Folder structure
Volume serial number: 007A-B001
C:.
│   KeePass.chm
│   KeePass.config.xml
│   KeePass.exe
│   KeePass.exe.config
│   KeePass.XmlSerializers.dll
│   KeePassLibC32.dll
│   KeePassLibC64.dll
│   License.txt
│   ShInstUtil.exe
│   unins000.dat
│   unins000.exe
│
├───Languages
├───Plugins
│   │   KeeAnywhere-2.0.3.plgx
│   │
│   └───KeeChallenge_1.5
│       │   KeeChallenge.dll
│       │   KeeChallenge.dll.config
│       │
│       ├───32bit
│       │       libjson-0.dll
│       │       libjson-c-2.dll
│       │       libykpers-1-1.dll
│       │       libyubikey-0.dll
│       │
│       └───64bit
│               libjson-0.dll
│               libjson-c-2.dll
│               libykpers-1-1.dll
│               libyubikey-0.dll
│
└───XSL
        KDBX_Common.xsl
        KDBX_DetailsFull_HTML.xsl
        KDBX_DetailsLight_HTML.xsl
        KDBX_PasswordsOnly_TXT.xsl
        KDBX_Tabular_HTML.xsl

Placing the DLLs into the directory with KeeChallenge.dll didn't help. Placing all DLLs into the directory with KeePass's exe file didn't help either.

Tried to open local file and change the slot, nothing helped.

Error message:
in attachment.

XML file changed under Windows does not work on Linux any more

In my scenario, KeePass with KeeChallenge is used with Windows 10 and Ubuntu Linux. Files from both systems are synchronized using ownCloud.

When opening the KeePass file under Windows, the KeePass.xml (that belongs to KeePass.kdbx) is sometimes rewritten (probably if I save changes?). The new filename is KEEPASS.XML, showing Windows' ignorance of filename case sensitivity. As soon as I try to open my KeePass file, I am shown a message that my KEEPASS.XML is invalid and I should use the fallback method.

Fortunately, ownCloud allows me to change the XML file back to its last version (which was saved under Linux), and then everything works fine. However, it would be easier if the Linux version of KeeChallenge could just handle the Windows files. As the Windows XML file is slightly larger, I assume it's possibly just a matter of newline characters...

"Incompatible with current KeePass version"

I have tried using the config file from the portable install as well as an uninstall/reinstall of KP2.34

This is the error message I get as of today (nothing before today):
[image]
