HMAC-SHA1 broken on the current version of OnlyKey FW and/or Utilities

Following the guide at OnlyKey User's Guide | Docs and using Yubikey as the reference, the HMAC-SHA1 Challenge Response from OnlyKey is not the same as the Challenge Response from Yubikey using the same key. A 20-byte HMAC-SHA1 key was configured using the CLI on OnlyKey to both 130 9 and 129 9, with positive CLI confirmation (ECC key set).

Can anyone confirm this issue?

Sorry to hear you are having issues. We have lots of users actively using HMAC SHA1 with KeepassXC, so it's definitely not broken.

I have attempted to reproduce your issue but had no luck; both OnlyKey and Yubikey generate the same challenge response given they have the same key set:

Set key to YubiKey

Set same key to OnlyKey


You can then create a KeepassXC database and unlock with either OnlyKey or Yubikey interchangeably.
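
An added example, not part of the original posts and not OnlyKey or YubiKey code: a software reference check for the comparison discussed in this thread. It computes HMAC-SHA1 for a 20-byte key and a challenge, then reports which device's response matches, so a mismatch can be pinned on one device's stored key. The function names, device labels and sample values are assumptions; the sample is RFC 2202 HMAC-SHA1 test case 1, not data from the thread.

```python
import hashlib
import hmac

KEY_LEN = 20  # key length stated in the thread's first post


def parse_hex(text: str) -> bytes:
    """Accept hex as tools print it: spaces, colons, mixed case."""
    cleaned = "".join(ch for ch in text if ch not in " :\n\t")
    return bytes.fromhex(cleaned)


def reference_response(key_hex: str, challenge_hex: str) -> str:
    """HMAC-SHA1 over the challenge exactly as given (no padding applied)."""
    key = parse_hex(key_hex)
    if len(key) != KEY_LEN:
        raise ValueError(f"expected {KEY_LEN}-byte key, got {len(key)}")
    return hmac.new(key, parse_hex(challenge_hex), hashlib.sha1).hexdigest()


def diagnose(key_hex: str, challenge_hex: str, responses: dict) -> dict:
    """Map each device label to True/False: does its response match the reference?"""
    expected = bytes.fromhex(reference_response(key_hex, challenge_hex))
    verdict = {}
    for name, resp_hex in responses.items():
        try:
            got = parse_hex(resp_hex)
        except ValueError:
            verdict[name] = False  # malformed hex cannot match
            continue
        verdict[name] = hmac.compare_digest(got, expected)
    return verdict


# Constructed sample (RFC 2202 HMAC-SHA1 test case 1), not values from the thread.
SAMPLE_KEY = "0b" * 20
SAMPLE_CHALLENGE = b"Hi There".hex()
SAMPLE_RESPONSES = {
    "device_a": "B6173186 55057264 E28BC0B6 FB378C8E F146BE00",
    "device_b": "b617318655057264e28bc0b6fb378c8ef146be01",  # last byte altered
}

if __name__ == "__main__":
    for name, ok in diagnose(SAMPLE_KEY, SAMPLE_CHALLENGE, SAMPLE_RESPONSES).items():
        print(f"{name}: {'matches reference' if ok else 'MISMATCH'}")
```

The check assumes the challenge bytes passed in are exactly what the host sent to the device; if the host tool pads or truncates the challenge, apply the same transformation before calling `reference_response`.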