I'm testing a Yubico YubiKey 5 NFC. I use KeePassXC to save sensitive information. KeePassXC accepts YubiKeys, but only one. Is it possible to add more than one to a .kdbx file?
Having two different seeds in two separate YubiKeys is not possible. You need to add the same seed to the other YubiKey to keep a copy of it. The documentation states:
What happens if I break my YubiKey? Can I create backup keys?
You should always make a copy of the HMAC secret that is stored on the YubiKey and keep it in a secure location. This can be an analog paper copy, but since the YubiKey personalization tool allows you to program a custom secret into the key, you may as well program a second key with the same secret.
Can I register multiple YubiKeys with my KeePassXC database?
You can only use a single secret for encrypting the database. So you can use multiple YubiKeys, but they all have to be programmed with the same secret (see question above).
The explanation of how to set up the same ID in slot 2 on two YubiKeys is here. On the second key you must copy & paste the same seed.
I recommend using a strong master password on top of the YubiKeys and saving the DB regularly to generate new challenge/response pairs. Far from perfect, but better than just a password. The following method (challenge-response with HMAC-SHA1) works on Ubuntu with KeePassXC v2.6.2 and 2x YubiKey 5 NFC with firmware v5.4.3:
- Install ykman (part of yubikey-manager)
$ sudo apt-get install yubikey-manager
- Check that slot#2 is empty in both key#1 and key#2. You will be overwriting slot#2 on both keys.
$ ykman otp info
Slot 1: programmed
Slot 2: empty
- Generate a base32-encoded secret seed (e.g. "SECRETSEED") that will be programmed into both keys. RFC 2104 recommends that your seed be as long as the underlying hash function (20 bytes for SHA-1).
$ base32
SECRETSEED<Enter>
CTRL+D
BASE32SECRETSEED
$
Note that the above method adds a CR to the seed. Store SECRETSEED somewhere safe (ideally not digitally) in case you lose both keys.
- Program the resulting "BASE32SECRETSEED" into key#1 and key#2.
$ ykman otp chalresp -t 2
Enter a secret key: BASE32SECRETSEED
Program a challenge-response credential in slot 2? [y/N]: y
- Verify that the same challenge gives you the same response with both keys.
$ ykman otp calculate 2
Enter a challenge (hex): deadbeef
Touch your YubiKey...
aabbccdd11223344556677889900aabbccdd1122
- Add one of your keys to your KeePassXC database:
Database > Database Security > Add additional protection > Add YubiKey Challenge-Response
- Both keys should now work to unlock/save your DB.
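An added example (not part of the answer above, and not ykman's code) that shows what the verification step checks: a slot programmed with a given seed answers a challenge with HMAC-SHA1 over the challenge bytes, so two keys are clones only if both responses equal that value. It also makes the note about the trailing character concrete: a seed piped through `base32` carries a trailing newline, so the programmed seed is not the one written on paper. It assumes the key runs in ykman's default variable-length challenge mode, and the "key#1"/"key#2" responses are simulated rather than read from hardware.

```python
import base64
import hashlib
import hmac


def encode_seed(seed: bytes) -> str:
    """Base32 form of the raw seed, the format entered at ykman's prompt."""
    return base64.b32encode(seed).decode()


def decode_seed(b32: str) -> bytes:
    """Inverse of encode_seed; tolerates lowercase and missing '=' padding."""
    s = b32.strip().upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def expected_response(seed: bytes, challenge_hex: str) -> str:
    """HMAC-SHA1 over the raw challenge bytes. Assumption: this is what the
    slot returns in the default variable-length mode, so it should equal the
    hex printed by `ykman otp calculate` for the same challenge."""
    return hmac.new(seed, bytes.fromhex(challenge_hex), hashlib.sha1).hexdigest()


def check_clones(seed_b32: str, challenge_hex: str, responses: dict) -> dict:
    """Map each key name to whether its response matches the intended seed."""
    want = expected_response(decode_seed(seed_b32), challenge_hex)
    return {name: hmac.compare_digest(r.lower(), want) for name, r in responses.items()}


# Constructed demo values, reusing the seed and challenge from the answer.
# `base32` reading stdin includes the newline you typed, so keys programmed
# from its output share the seed b"SECRETSEED\n", not b"SECRETSEED".
SEED_TYPED = b"SECRETSEED"
SEED_FROM_PIPE = SEED_TYPED + b"\n"
CHALLENGE = "deadbeef"

# Simulated output of `ykman otp calculate 2` on key#1 and key#2, both
# programmed from the piped value (constructed, not captured from hardware).
SIMULATED = {name: expected_response(SEED_FROM_PIPE, CHALLENGE) for name in ("key#1", "key#2")}

if __name__ == "__main__":
    print("seed as typed   :", encode_seed(SEED_TYPED))
    print("seed from base32:", encode_seed(SEED_FROM_PIPE))
    # Checked against what was really programmed: both keys agree -> clones.
    print(check_clones(encode_seed(SEED_FROM_PIPE), CHALLENGE, SIMULATED))
    # Checked against the paper copy without the newline: both fail, which is
    # the mismatch the note about the added trailing character warns about.
    print(check_clones(encode_seed(SEED_TYPED), CHALLENGE, SIMULATED))
```

Paste the hex from `ykman otp calculate 2` for a real key into the `responses` dict to confirm both keys were programmed with the seed you actually stored.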