Keepassxc 2.7.6 does not detect nk3a mini (fw 1.5.0)

KeepassXC 2.7.6 was released last week with alleged support for unlocking using a nitrokey 3 as per Release Release 2.7.6 · keepassxreboot/keepassxc · GitHub

Support on the nk3 side was shipped in fw 1.5.0 Release v1.5.0 · Nitrokey/nitrokey-3-firmware · GitHub

However… keepassxc does not seem to detect my nk3a mini… :frowning:

karthanis@karth-dev-book ~ % nitropy nk3 status
Command line tool to interact with Nitrokey devices 0.4.39
UUID:               <redacted>
Firmware version:   v1.5.0
Init status:        ok
Free blocks (int):  237
Free blocks (ext):  474
Variant:            NRF52
KeePassXC - Version 2.7.6
Revision: dd21def

Qt 5.15.10
Debugging mode is disabled.

Operating system: Arch Linux
CPU architecture: x86_64
Kernel: linux 6.4.11-arch2-1

Enabled extensions:
- Auto-Type
- Browser Integration
- SSH Agent
- KeeShare
- YubiKey
- Secret Service Integration

Cryptographic libraries:
- Botan 3.1.1

HMAC Challenge-Response was configured on nk3a mini:

karthanis@karth-dev-book ~ % nitropy nk3 secrets list
Command line tool to interact with Nitrokey devices 0.4.39
01. HmacSlot1	Hmac/Sha1

I did some troubleshooting using this thread: How to use HMAC-SHA1 Challenge Response with NK3 · Issue #281 · Nitrokey/nitrokey-3-firmware · GitHub

  • pcscd is running
karthanis@karth-dev-book ~ % systemctl status pcscd
● pcscd.service - PC/SC Smart Card Daemon
     Loaded: loaded (/usr/lib/systemd/system/pcscd.service; indirect; preset: disabled)
     Active: active (running) since Tue 2023-08-22 20:41:19 CEST; 6min ago
TriggeredBy: ● pcscd.socket
       Docs: man:pcscd(8)
   Main PID: 26143 (pcscd)
      Tasks: 9 (limit: 9360)
     Memory: 2.8M
        CPU: 353ms
     CGroup: /system.slice/pcscd.service
             └─26143 /usr/bin/pcscd --foreground --auto-exit

août 22 20:41:19 karth-dev-book systemd[1]: Started PC/SC Smart Card Daemon.

meh… after a lot of poking around (take out and plug back the nk3, restarting daemons and keepassxc…) it finally worked… so I guess all the parts are there, just that I don’t fully understand how I eventually bashed them into a working state.

The last thing I did before it started working was to enable pcsc-spy on keepassxc pcsc-spy(1) — Arch manual pages

1 Like