Passkey credential provider for hardware security keys
About this app
Authnkey is a credential provider that lets you use FIDO2 security keys (like YubiKey, SoloKey, Nitrokey, or Token2) for passkey authentication on Android.
Android's built-in WebAuthn support has a significant gap: it does not support CTAP2 over NFC. This means you cannot use PIN-protected passkeys or discoverable credentials with NFC security keys — you're limited to basic U2F tap-to-authenticate. Authnkey fills this gap by implementing the full CTAP2 protocol.
The app registers as a credential provider, so any app or browser that supports the Android Credential Manager API will offer Authnkey as an option when passkeys are requested.
This also works on devices without Google Play Services, since Authnkey implements the CTAP2 protocol directly rather than relying on Google's FIDO2 API.
Supported features: - Passkey creation and authentication - PIN verification - Discoverable credentials - Multiple accounts per site - NFC and USB transports
No root required.
Licensed under MIT, by Michel Le Bihan.
What's New in v1.2.4
Imported from the F-Droid repository index.
- - Fix correct PINs being rejected with some security keys
- - Fix passkey creation failing when a PIN prompt was required
- - Add support for setting the app's language in system settings
- New translations:
- - German by Ranger
Version history
Jun 18, 2026 · 2.4 MB · Android API 34–36 · code 11
Imported from the F-Droid repository index.
- - Fix correct PINs being rejected with some security keys
- - Fix passkey creation failing when a PIN prompt was required
- - Add support for setting the app's language in system settings
- New translations:
- - German by Ranger
SHA-256 736001adc2b1305bfe5bf58b259eb6338f19f890650cf1e3bb135b063236a011
Apr 14, 2026 · 2.4 MB · Android API 34–36 · code 10
Imported from the F-Droid repository index.
- - Show supported user verification methods in device info dialog
- - Handle keys where PIN does not grant passkey creation and authentication permissions
- - Update privileged apps list, adding iodé Browser among others
- New translations:
- - Danish by Peder Thorsø
SHA-256 922ed4a4c420e34a14c4d9c5d70ff36e364c7c24022c12cd35149d450ae3ed9e
Mar 29, 2026 · 2.8 MB · Android API 34–36 · code 9
Imported from the F-Droid repository index.
- - Add support for on-device user verification on CTAP 2.0 security keys
- - Prevent some USB security keys from suppressing the on-screen keyboard
SHA-256 b1e9a2366640e26cdb652d0875bb3c1fb3cefef301fe5f5908bc5532c5e775c3
Will it run on your device?
60%
- Targets newer Android builds, so legacy devices may be excluded.
- ABI coverage is focused on newer 64-bit devices.
- Aligned with the latest Android target SDK expectations.
Installation Guide
Open Settings on your Android device
Go to Security → Unknown sources (or Install unknown apps)
Enable "Allow from this source" for your browser or file manager
Open the downloaded APK file from your Downloads folder
Tap "Install" and wait for installation to complete
Launch the app from your home screen
Make sure to re-enable Unknown Sources restrictions after installation for security.
How to install this safely
How to verify the file you downloaded
Before you install anything, confirm the file is the one described here. On a computer, run shasum -a 256 your-download.apk (macOS or Linux) or certutil -hashfile your-download.apk SHA256 (Windows), then compare the output character-for-character with the SHA-256 on this page. If a single character differs, the file is not the build we recorded — delete it.
What the signing certificate proves
Every Android app is signed with a private key that only its developer holds. The fingerprint on this page is a hash of the matching public certificate, and it proves continuity rather than identity: it tells you a build came from whoever signed the earlier ones. Android enforces this at install time — if a package claiming to be pl.lebihan.authnkey is signed with a different key, the system will refuse to install it over your existing copy. A fingerprint that changes between releases is worth pausing on, because a repackaged app that has been modified by someone else cannot keep the original signature.
How to roll back to an earlier version
If the current release misbehaves, 1.2.3 is the last build before it. Android will not install an older version code over a newer one, so you must uninstall Authnkey first — which clears its local data unless you have a backup. Reinstall the older APK only if its signing fingerprint matches the build you already trust, and check the API range: an older release may target an Android version your device has moved past.
Why we list sources instead of hosting everything
The official store channel is almost always the right choice: it updates automatically and carries the publisher's own distribution guarantees. A direct APK is useful when a device has no store access, when a rollout has not reached your region, or when you need a specific version — and only when the publisher has authorized that copy. APKBrowse does not list pirated, cracked, or unauthorized rebuilds of Authnkey, and a listing is removed when the evidence for it stops holding up.
Get Authnkey
Every source we list for pl.lebihan.authnkey is legality-reviewed. Pirated or cracked builds are never offered.
Other sources
F-Droid listing
officialF-Droid builds this app from source and signs it. This is its official listing, with older builds and full release notes.
Source code
verified publisherThe upstream repository this build is compiled from.
We check legality and signature continuity, but device behaviour still varies. Install at your own discretion.
App Information
Security Verification
We record provenance; we do not run malware scans. Verify the hash yourself before installing.
SHA-256 Hash
736001adc2b1305bfe5bf58b259eb6338f19f890650cf1e3bb135b063236a011
Signing certificate
bbf5d7bed82b5b9b9f8d9825e620464c8a28ed6c7a1eb098dfc1f972df9c580b
Permissions Required
Previous Versions
The signing certificate fingerprint for this release is on record, so a build that does not match it did not come from this publisher.
Report a problem with this listing
A listing is only as good as its corrections. If a source is broken, a signature looks wrong, or this app should not be here, tell the moderation team.