KeepassXC: HMAC mismatch after restoring new backup file

Suddenly I am getting an “HMAC mismatch” when trying to unlock my KeepassXC database with the same Onlykey that worked a few hours ago.

What could cause this?

Could reflashing the firmware or restoring a backup have an impact?

I met the issues today, but I have a backup of the secret key used so I just re-loaded the secret key.

I’m not sure way this happened, I do re-flashed the firmware but it may also just because I forgot to save the KeePass database.

I will test it… soon…

How do you know the secret key for the HMAC challenge-response?

Yes, if you restore a backup that would restore the HMAC key from your backup to your key.

Just verified that, and that seems to work indeed:

I have set the HMAC secret key to a randomly generated 20-byte hex sequence via onlykey-cli, taken a backup, restored it on another key, and that key works as hardware key for the KeepassXC database.

Still not sure what happened – I’ll keep an eye on this and report back if there are issues with this in the future.