From 0498dd512161b7fb07e703e03bc9b8ca8b3dd400 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Mon, 22 Dec 2014 22:03:21 +0100 Subject: replace shell script with C code, and many more * place bin/ykfde with C source code bin/ykfde.c * challenge/response can be updated in place WARNING: This required config file syntax change! * updates and simplification to udev/ykfde * a lot more... Signed-off-by: Christian Hesse --- conf/ykfde.conf | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'conf') diff --git a/conf/ykfde.conf b/conf/ykfde.conf index af25ad7..0525053 100644 --- a/conf/ykfde.conf +++ b/conf/ykfde.conf @@ -1,8 +1,20 @@ [general] -# Specify what Yubikey slot to use for full disk encryption +# Specify what Yubikey slot to use for full disk encryption. +# This is just the system default, you can configure one or more +# Yubikeys below. # The specified slot has to be configured for HMAC-SHA1. -slot = 2 +yk slot = 2 -# you can specify slot for one or more specific Yubikeys as well +# This is the LUKS device. Make sure you use the name, not +# block device, e.g. it has to match first column of +# /etc/crypttab.initramfs. +device name = crypt + +# For every Yubikey in use add a section here. +# * 'yk slot' is optional and only required for keys differing +# from system default. +# * 'luks slot' is required to make sure one Yukikey is associated +# with exactly one LUKS slot! #[1234567] -#slot = 1 +#yk slot = 1 +#luks slot = 1 -- cgit v1.2.3-70-g09d2