#!/usr/bin/env bash

# nix-shell https://github.com/sgillespie/nixos-yubikey-luks/archive/master.tar.gz
# NOTE: master.tar.gz is an unpinned ref; pin a commit archive if the tooling must be reproducible.

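#######################################
# Convert raw bytes on stdin to a lowercase hex string on stdout.
# Arguments: none (reads stdin)
# Outputs:   two hex digits per input byte, no separators, no trailing newline
# Returns:   exit status of the final `tr` stage
#######################################
rbtohex() {
  # -An drops the offset column, -v prints repeated lines instead of "*",
  # -tx1 prints one hex byte per unit; tr then removes od's spacing.
  od -An -vtx1 | tr -d ' \n'
}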
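#######################################
# Convert a hex string on stdin to raw bytes on stdout.
# Accepts upper- or lower-case digits; whitespace in the input is ignored.
# Arguments: none (reads stdin)
# Outputs:   the decoded bytes on stdout; a diagnostic on stderr for bad input
# Returns:   0 on success, 1 if the input is not an even-length hex string
#######################################
hextorb() {
  local hex i

  hex=$(cat) || return
  hex=${hex//[[:space:]]/}

  # Refuse malformed input rather than emitting a silently different byte
  # string. The input itself is never echoed: it may be key material.
  if [[ ! $hex =~ ^([0-9A-Fa-f]{2})*$ ]]; then
    printf 'hextorb: input is not an even-length hex string\n' >&2
    return 1
  fi

  # Decode with the printf builtin so the hex never becomes the argument list
  # of an external process (as it would with `xargs printf`), where other
  # local users could read it from the process table.
  for ((i = 0; i < ${#hex}; i += 2)); do
    printf '%b' "\\x${hex:i:2}"
  done
}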
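# Derive the LUKS key from a typed passphrase and a YubiKey challenge-response,
# then open /dev/sda2 as the mapping "crypted". Each stage is checked so that a
# missing salt or an absent token stops the run instead of silently deriving a
# key from empty input.
key_length=512      # derived key size in bits (converted to bytes below)
iterations=1000000  # PBKDF2 iteration count

# The first line of the storage file is used as the salt.
salt="$(head -n 1 /mnt/crypt-storage/default)" || salt=
if [[ -z "$salt" ]]; then
  printf 'error: could not read a salt from /mnt/crypt-storage/default\n' >&2
  exit 1
fi

# NOTE(review): $salt (here) and $user_key (below) are left unquoted on purpose
# so the bytes fed into the derivation stay exactly what this script has always
# produced (word-splitting collapses whitespace runs, glob characters may
# expand). Presumably the enrolment side does the same; confirm, and quote both
# sides together, otherwise existing volumes may stop opening.
# shellcheck disable=SC2086
chal="$(echo -n $salt | openssl dgst -binary -sha512 | rbtohex)"
if [[ -z "$chal" ]]; then
  printf 'error: could not compute the challenge from the salt\n' >&2
  exit 1
fi

# Slot 2 challenge-response. stderr is no longer discarded and the status is
# checked: an empty response would otherwise flow into the KDF unnoticed.
if ! resp="$(ykchalresp -2 -x "$chal")" || [[ -z "$resp" ]]; then
  printf 'error: YubiKey challenge-response failed; is the token inserted?\n' >&2
  exit 1
fi

user_key=
if [[ -t 0 ]]; then
  printf 'Passphrase: ' >&2
fi
# -s keeps the passphrase from being echoed on a terminal. A final line without
# a newline still fills user_key, so the EOF status is ignored.
read -rs user_key || true
if [[ -t 0 ]]; then
  printf '\n' >&2
fi

# NOTE(review): pbkdf2-sha512 takes the YubiKey response as a command-line
# argument, so it is visible in the process table while the derivation runs.
# shellcheck disable=SC2086
luks_key="$(echo -n $user_key | pbkdf2-sha512 "$((key_length / 8))" "$iterations" "$resp" | rbtohex)"
unset user_key resp
if [[ -z "$luks_key" ]]; then
  printf 'error: key derivation produced no output\n' >&2
  exit 1
fi

# The key reaches cryptsetup on stdin only (--key-file=-).
printf '%s' "$luks_key" | hextorb | sudo cryptsetup luksOpen /dev/sda2 crypted --key-file=-
rc=$?
unset luks_key
exit "$rc"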