When protecting Keepass with hardware tokens (whether C-R or OTP), the token state is stored in a second file (databasename.xml) alongside the database. I propose that the Google Sync Plugin should be configurable to sync that file (by date/time, newest will suffice) along with the database. Preferably a file name that can be specified in the configuration, as other smart card plugins might require a different nomenclature.
Second that. I would like to use this plugin alongside my Yubikey, but it will not work without this feature.
But if you have the key file in the same folder (and device) as your database, it's against the purpose of having another file to authenticate.
The XML-File doesn't directly function as a key file. It contains the key to decrypt the database. But that key is encrypted using a second factor (either Challenge-Response or One Time Passwords), so that you need said factor in order to decrypt your database. Not having the XML-File means that you can't use a second factor as protection for your database. You can sync it manually with Google Drive as well, but the inconvenience makes it impractical for most people.
Does the file even change when you use the Key or is it static as long as you have the same YubiKey?
In the static case I don't see any need for this plugin to sync that file.
And it's not a second factor in that case, is it? All you need is your YubiKey, if I understand you correctly. That's just one factor. Or do you still need to enter the DB password as well?
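An added illustration of the "sync by date/time, newest wins" behaviour proposed in the first comment. This is not code from this thread or from the Google Sync Plugin itself (a .NET plugin); it is a stand-alone Python sketch of the logic. The `databasename.xml` naming, the optional mtime tolerance for clock skew between devices, and the two temporary directories standing in for the local folder and the Drive mirror are assumptions or constructed for the demo. The copy goes through a temp file plus rename so an interrupted transfer cannot leave a truncated token-state file that would lock you out of the database.

```python
import os
import shutil
import tempfile
from pathlib import Path


def companion_path(database_path: str, suffix: str = ".xml") -> Path:
    """Path of the token-state file beside the database.

    Default follows the thread's 'databasename.xml' convention; the suffix is a
    parameter because other smart-card plugins may use a different name
    (assumption: the plugin would expose this in its configuration)."""
    return Path(database_path).with_suffix(suffix)


def _copy_atomic(src: Path, dst: Path) -> None:
    """Copy src over dst via a temp file in dst's directory and an atomic
    rename, so a crash mid-copy never leaves a half-written file at dst.
    copy2 preserves the mtime, so both sides compare equal afterwards."""
    dst.parent.mkdir(parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=dst.parent, prefix=dst.name + ".")
    os.close(fd)
    try:
        shutil.copy2(src, tmp)
        os.replace(tmp, dst)
    finally:
        if os.path.exists(tmp):
            os.remove(tmp)


def sync_newest(local: Path, remote: Path, tolerance_s: float = 0.0) -> str:
    """Newest-wins sync of one companion file.

    Returns 'push' (local copied to remote), 'pull' (remote copied to local),
    'same' (nothing to do) or 'missing' (neither side has the file).
    Modification times within tolerance_s count as equal (constructed policy
    to avoid clobbering on small clock skew between machines)."""
    if not local.exists() and not remote.exists():
        return "missing"
    if local.exists() and not remote.exists():
        _copy_atomic(local, remote)
        return "push"
    if remote.exists() and not local.exists():
        _copy_atomic(remote, local)
        return "pull"
    lt, rt = local.stat().st_mtime, remote.stat().st_mtime
    if abs(lt - rt) <= tolerance_s:
        return "same"
    if lt > rt:
        _copy_atomic(local, remote)
        return "push"
    _copy_atomic(remote, local)
    return "pull"


def demo() -> dict:
    """Constructed scenario: the Drive copy of the token-state file is newer
    than the local one, so the first sync pulls it and the second is a no-op."""
    with tempfile.TemporaryDirectory() as d:
        local_dir, remote_dir = Path(d, "local"), Path(d, "drive")
        local_dir.mkdir()
        remote_dir.mkdir()
        db = local_dir / "vault.kdbx"
        db.write_bytes(b"constructed database placeholder")
        local_xml = companion_path(str(db))
        remote_xml = remote_dir / local_xml.name
        local_xml.write_text("<state counter='1'/>")   # constructed content
        remote_xml.write_text("<state counter='2'/>")  # constructed content
        os.utime(local_xml, (1_000_000, 1_000_000))    # force local older
        os.utime(remote_xml, (2_000_000, 2_000_000))   # force remote newer
        first = sync_newest(local_xml, remote_xml)
        second = sync_newest(local_xml, remote_xml)
        missing = sync_newest(local_dir / "none.xml", remote_dir / "none.xml")
        return {
            "first": first,
            "second": second,
            "missing": missing,
            "local": local_xml.read_text(),
        }


if __name__ == "__main__":
    print(demo())
```

Usage: `sync_newest(companion_path(db_path), drive_mirror / companion_path(db_path).name)` after the database itself has been synced. Note that newest-wins is only safe for a file that is rewritten as a whole; if two devices change the token state independently (for example an OTP counter advancing on both), one side's change is silently discarded, which is the same limitation the thread's proposal accepts.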