Skip to content

Authnkey

F-Droid

Open source

Passkey credential provider for hardware security keys

Version
1.2.4
Size
2.4 MB
Updated
Jun 18, 2026
Get from Download APK (v1.2.4)
Signing certificate on record

About this app

Authnkey is a credential provider that lets you use FIDO2 security keys (like YubiKey, SoloKey, Nitrokey, or Token2) for passkey authentication on Android.

Android's built-in WebAuthn support has a significant gap: it does not support CTAP2 over NFC. This means you cannot use PIN-protected passkeys or discoverable credentials with NFC security keys — you're limited to basic U2F tap-to-authenticate. Authnkey fills this gap by implementing the full CTAP2 protocol.

The app registers as a credential provider, so any app or browser that supports the Android Credential Manager API will offer Authnkey as an option when passkeys are requested.

This also works on devices without Google Play Services, since Authnkey implements the CTAP2 protocol directly rather than relying on Google's FIDO2 API.

Supported features: - Passkey creation and authentication - PIN verification - Discoverable credentials - Multiple accounts per site - NFC and USB transports

No root required.

Licensed under MIT, by Michel Le Bihan.

OfficialSignature VerifiedOpen Source

What's New in v1.2.4

Imported from the F-Droid repository index.

  • - Fix correct PINs being rejected with some security keys
  • - Fix passkey creation failing when a PIN prompt was required
  • - Add support for setting the app's language in system settings
  • New translations:
  • - German by Ranger

Version history

v1.2.4Latest
Signature continuous

Jun 18, 2026 · 2.4 MB · Android API 3436 · code 11

Imported from the F-Droid repository index.

  • - Fix correct PINs being rejected with some security keys
  • - Fix passkey creation failing when a PIN prompt was required
  • - Add support for setting the app's language in system settings
  • New translations:
  • - German by Ranger
NFCUSE_BIOMETRICUSE_FINGERPRINTpl.lebihan.authnkey.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

SHA-256 736001adc2b1305bfe5bf58b259eb6338f19f890650cf1e3bb135b063236a011

v1.2.3
Signature continuous

Apr 14, 2026 · 2.4 MB · Android API 3436 · code 10

Imported from the F-Droid repository index.

  • - Show supported user verification methods in device info dialog
  • - Handle keys where PIN does not grant passkey creation and authentication permissions
  • - Update privileged apps list, adding iodé Browser among others
  • New translations:
  • - Danish by Peder Thorsø
NFCUSE_BIOMETRICUSE_FINGERPRINTpl.lebihan.authnkey.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

SHA-256 922ed4a4c420e34a14c4d9c5d70ff36e364c7c24022c12cd35149d450ae3ed9e

v1.2.2
Signature continuous

Mar 29, 2026 · 2.8 MB · Android API 3436 · code 9

Imported from the F-Droid repository index.

  • - Add support for on-device user verification on CTAP 2.0 security keys
  • - Prevent some USB security keys from suppressing the on-screen keyboard
NFCUSE_BIOMETRICUSE_FINGERPRINTpl.lebihan.authnkey.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

SHA-256 b1e9a2366640e26cdb652d0875bb3c1fb3cefef301fe5f5908bc5532c5e775c3

Will it run on your device?

CompatibilityCheck the requirements

60%

  • Targets newer Android builds, so legacy devices may be excluded.
  • ABI coverage is focused on newer 64-bit devices.
  • Aligned with the latest Android target SDK expectations.
What changed in this release
Size delta
0 MB
Added permissions
None
Removed permissions
None

Installation Guide

1

Open Settings on your Android device

2

Go to Security → Unknown sources (or Install unknown apps)

3

Enable "Allow from this source" for your browser or file manager

4

Open the downloaded APK file from your Downloads folder

5

Tap "Install" and wait for installation to complete

6

Launch the app from your home screen

Make sure to re-enable Unknown Sources restrictions after installation for security.

How to install this safely

How to verify the file you downloaded

Before you install anything, confirm the file is the one described here. On a computer, run shasum -a 256 your-download.apk (macOS or Linux) or certutil -hashfile your-download.apk SHA256 (Windows), then compare the output character-for-character with the SHA-256 on this page. If a single character differs, the file is not the build we recorded — delete it.

What the signing certificate proves

Every Android app is signed with a private key that only its developer holds. The fingerprint on this page is a hash of the matching public certificate, and it proves continuity rather than identity: it tells you a build came from whoever signed the earlier ones. Android enforces this at install time — if a package claiming to be pl.lebihan.authnkey is signed with a different key, the system will refuse to install it over your existing copy. A fingerprint that changes between releases is worth pausing on, because a repackaged app that has been modified by someone else cannot keep the original signature.

How to roll back to an earlier version

If the current release misbehaves, 1.2.3 is the last build before it. Android will not install an older version code over a newer one, so you must uninstall Authnkey first — which clears its local data unless you have a backup. Reinstall the older APK only if its signing fingerprint matches the build you already trust, and check the API range: an older release may target an Android version your device has moved past.

Why we list sources instead of hosting everything

The official store channel is almost always the right choice: it updates automatically and carries the publisher's own distribution guarantees. A direct APK is useful when a device has no store access, when a rollout has not reached your region, or when you need a specific version — and only when the publisher has authorized that copy. APKBrowse does not list pirated, cracked, or unauthorized rebuilds of Authnkey, and a listing is removed when the evidence for it stops holding up.

Get Authnkey

Every source we list for pl.lebihan.authnkey is legality-reviewed. Pirated or cracked builds are never offered.

Other sources

F-Droid listing

official

F-Droid builds this app from source and signs it. This is its official listing, with older builds and full release notes.

Source code

verified publisher

The upstream repository this build is compiled from.

We check legality and signature continuity, but device behaviour still varies. Install at your own discretion.

App Information

Developer
F-Droid
Category
Security Privacy
Android
14+
Architectures
Version
1.2.4 (code 11)
Size
2.4 MB
Updated
Jun 18, 2026
Package name
pl.lebihan.authnkey

Security Verification

File integrity
SHA-256 recorded
Signing certificate
Fingerprint on record
Official source
Download APK (v1.2.4)

We record provenance; we do not run malware scans. Verify the hash yourself before installing.

SHA-256 Hash

736001adc2b1305bfe5bf58b259eb6338f19f890650cf1e3bb135b063236a011

Signing certificate

bbf5d7bed82b5b9b9f8d9825e620464c8a28ed6c7a1eb098dfc1f972df9c580b

Permissions Required

NFC
USE_BIOMETRIC
USE_FINGERPRINT
pl.lebihan.authnkey.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Previous Versions

Signature verified

The signing certificate fingerprint for this release is on record, so a build that does not match it did not come from this publisher.

Report a problem with this listing

A listing is only as good as its corrections. If a source is broken, a signature looks wrong, or this app should not be here, tell the moderation team.

Report a problem