2.1.2 firmware update-HMAC for KeepassXC

I had the same issues as I had with previous firmware versions.

You must remove the HMAC challenge from KeepassXC as it will not be preserved from 2.1.1 to 2.1.2, nor will it be preserved by restoring a backup.

The only way to proceed is to remove HMAC from KeepassXC, upgrade to 2.1.2, and then add HMAC back to Keepass

I just tried to reproduce this issue but no luck. I created two KeepassXC databases, one using HMAC slot 1 using the default settings, one using HMAC slot 2 using a custom key set like described here - OnlyKey User's Guide | Docs

Both databases were locked, the OnlyKey was upraded from v2.1.1 firmware to v2.1.2 and then OnlyKey was used to unlock databases with no issue found.

I’m using 2.6.4 on KeepassXC. Let me backrev the key and see what happens

Using KeepassXC 2.6.4, doing an update to 2.1.2, I get

Error while reading the database Invalid credentials provided HMAC mismatch

This sounds like what happened to me, but I don’t know how to “backrev” the key…do I just need to “update” to the old firmware as a TXT file? Where could I download the old firmware as a TXT?
As soon as I updated the firmware, KeePassXC stopped accepting it saying HMAC mismatch. I even tried loading the HMAC secret back onto the OnlyKey in case somehow the firmware changed it, but no luck. I tried it with an older copy of my KeePassXC database in case it had gotten corrupted, but that didn’t work. I’ve managed to export the passwords from another device that was still logged in, but I’m not sure how to recover my KBDX file. I guess worst case scenario I can start over, importing my exported passwords.

If you are upgrading from older firmware, before v2.1.0 then you have to follow the steps here for KeepassXC - KeepassXC Upgrade Guide | Docs

If you are upgrading from v2.1.0 or from v2.1.1 there are no known issues though. I have attempted to reproduce issues but am unable to see any issues. If you experience issues you can downgrade firmware from v2.1.2 back to v2.1.1 and report what you found here and I will attempt to reproduce the issue you are seeing.

I’m not sure what firmware I was upgrading from. I thought it was v2.1.0 or v2.1.1, but I guess it’s possible it was older.

I ended up finding the old firmware TXT files at Releases · trustcrypto/OnlyKey-Firmware · GitHub. No matter which one I went to (beta 8 and newer), and despite restoring my OnlyKey’s backup, KeepassXC wouldn’t let me log in. I’m not sure what I did wrong. In the end, I imported the KeepassXC XML I had managed to export and just made a new password database.

you have to restore the firmware to 2.1.1 and then restore the backup of the onlykey. I have 2.1.1 if you need me to send it to you. Which, based on your post, doesn’t look like you do.

All of the firmware releases are here - Releases · trustcrypto/OnlyKey-Firmware · GitHub

This happened to me too, for what it’s worth. Restored backups didn’t fix it, but downgrading firmware and going through the pre-2.1.0 firmware upgrade steps did. However, I’m not 100% sure what firmware I was on previously. I do know that I was not getting the “there’s new firmware available, wanna do something about it?” message until 2.1.2 landed, so I’m almost certain I was on 2.1.1. I might find time this weekend to try grading up and down and see whether I can reproduce consistently.

I had the same issue after the last firmware update 2.1.2. Lucky me I had a second KeePassXC Database.

KeePassXC Version is 2.6.6 by the way, but I don’t know the former firmware version anymore, but I updated the key regulary.

Btw. on OSX Monterey the new app 5.3.4 won’t close via menue or Command+Q. A klick on the red windows button works though.