[pkg-cryptsetup-devel] Question about smartcard and decrypt_opensc script
Pascal Vibet - ADACIS
pvibet at gmail.com
Thu Jul 12 14:41:17 BST 2018
Hi,
i'm using smartcard to decrypt my encrypted disk, so i change in
/etc/crypttab the line like this:
sdb5_crypt UUID=16a46... /root/encryptedkey.pkcs1
luks,keyscript=decrypt_opensc,discard
All works fine but what i will do if i loose my smartcard or i forget
it (or maybe someone steals it).
I have to boot on busybox, decrypt in CLI the encryptdisk disk (i don't
remove my luks password), chroot on my decrypted disk, remove old
parameters in /etc/crypttab file for using smartcard, apply
modifications in initramfs and reboot for use luks password.
Could you modify decrypt_opensc script for using another capabilty to
decrypt (like luks password) ?
I write this patch in /lib/cryptsetup/scripts/decrypt_opensc:
41a42,46
> if [ $? -eq 0 ]; then
> echo "Failed to decrypt using smartcard..." >&2
> plymouth ask-for-password --prompt "Try LUKS password: "
> fi
>
i publish modifications to use luks password and usbkey on my github:
https://github.com/swoopla/smartcard-luks
Could you give my a feedback on my proposition or/and my gihub ?
Cheers,
More information about the pkg-cryptsetup-devel
mailing list