If you somehow lose your YubiKey device which you’ve been using to protect your database, all is not lost. So long as you know the ‘secret’ that you programmed your device with originally. Of course when you program your YubiKey device to work with KeePass databases (HMAC-SHA1 Challenge Response mode) you should store the secret used somewhere very safe.

So as long as you have that secret stored somewhere, you will be able to unlock your database using Strongbox even if you lose the device. Having that secret is vital.

To Unlock a database that was protected by your YubiKey without that Yubikey device you need to do the following:

1) Go to Preferences (Gear icon in top right of Strongbox home screen)

2) Tap ‘Advanced Preferences’

3) Turn on ‘Show YubiKey Secret Workaround Field’

Once you’ve done that you can tap on your database to begin the Unlock procedure. You will need to make sure this is in Manual Unlock mode, i.e. it asks for Password, Key File etc and not via Convenience Unlock (Touch/Face ID or PIN code).

In the manual unlock screen you will notice a new field called YubiKey Secret. Here you will enter your YubiKey secret that you safely stored for just this eventuality.

NB: You have the option to prefix a capital ‘P’ here to your secret. This may or may not be needed and if at first the unlock doesn’t work without the P, the try adding the P before your secret. The reasons for this are quite technical (Fixed vs Variable input configured when you programmed your key).

Once you’ve entered your master password, key file and YubiKey secret, make sure you have configured the YubiKey field to ‘None’. Any configured YubiKey will override any entered secret.

You should now be able to unlock, edit and otherwise access your YubiKey protected database. At this point you probably want to remove the YubiKey protection because you no longer have the device.You can do that by tapping the ‘Preferences’ icon in the bottom left corner, selecting ‘Database Operations’ > ‘Change Master Credentials’.


Categories: GeneralFAQ

Mark McGuill

Strongbox Founder