hyl.st
nix config
1#!/usr/bin/env bash
2key_length=512
3iterations="$(head -n 2 /boot/crypted-storage/default)"
4salt="$(head -n 1 /boot/crypted-storage/default)"
5chal="$(echo -n $salt | openssl dgst -binary -sha512 | rbtohex)"
6resp="$(ykchalresp -2 -x $chal 2>/dev/null)"
7user_key="$(read -s)"
8luks_key="$(echo -n $user_key | pbkdf2-sha512 $(($key_length / 8)) $iterations $resp | rbtohex)"
9echo -n $luks_key | hextorb | sudo cryptsetup luksOpen /dev/sda2 crypted --key-file=-