File: key-script

package info (click to toggle)
yubikey-luks 0.3.3+3.ge11e4c1-1
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 104 kB
  • ctags: 8
  • sloc: sh: 169; makefile: 33
file content (48 lines) | stat: -rwxr-xr-x 1,072 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#! /bin/sh
#
# This is /sbin/ykluks-keyscript, which gets called when unlocking the disk
#
set -e

message()
{
    if [ -x /bin/plymouth ] && plymouth --ping; then
        plymouth message --text="$@"
    else
        echo "$@" >&2
    fi
    return 0
}

check_yubikey_present() {
    ykchalresp -2 AreYouThere > /dev/null 2>%1
    return $?
}

udevadm settle || true

# source for log_*_msg() functions, see LP: #272301
. /scripts/functions

if [ -z "$cryptkeyscript" ]; then
	cryptkey="Unlocking the disk $cryptsource ($crypttarget)\nEnter passphrase: "
	if [ -x /bin/plymouth ] && plymouth --ping; then
    	cryptkeyscript="plymouth ask-for-password --prompt"
	    cryptkey=$(printf "$cryptkey")
    else
        cryptkeyscript="/lib/cryptsetup/askpass"
    fi
fi

PW="$($cryptkeyscript "Please insert yubikey and press enter or enter a valid passphrase")"
	
if check_yubikey_present; then
	message "Accessing yubikey..."
    R="$(ykchalresp -2 "$PW" 2>/dev/null || true)"
	message "Retrieved the response from the Yubikey"
	echo -n "$R"
else
	echo -n "$PW"
fi

exit 0