Suddenly I am getting an “HMAC mismatch” when trying to unlock my KeepassXC database with the same Onlykey that worked a few hours ago.
What could cause this?
Could reflashing the firmware or restoring a backup have an impact?
I met the issues today, but I have a backup of the secret key used so I just re-loaded the secret key.
I’m not sure way this happened, I do re-flashed the firmware but it may also just because I forgot to save the KeePass database.
I will test it… soon…
How do you know the secret key for the HMAC challenge-response?
Yes, if you restore a backup that would restore the HMAC key from your backup to your key.
Just verified that, and that seems to work indeed:
I have set the HMAC secret key to a randomly generated 20-byte hex sequence via onlykey-cli, taken a backup, restored it on another key, and that key works as hardware key for the KeepassXC database.
Still not sure what happened – I’ll keep an eye on this and report back if there are issues with this in the future.