Skip to main content

Posts

Showing posts from October, 2012

A non-intrusive way of storing LUKS keys on PKCS #15 smart cards

If you ever wanted to store your LUKS key on a smart card and started to search the internet for solutions, you'd be disappointed. The best guide I managed to find is https://wiki.ubuntu.com/SmartCardLUKSDiskEncryption which wants you to change your transport AUT1 key and uses a whole bunch of various scripts. It's written for usplash as well which isn't really used anymore. I was amazed of the state of things and after a bit of tinkering I got everything running as a standard PKCS#15 data object and with only two scripts needed. Oh, and it has support for the awesome plymouthd. You'll need: An initialized (PINs etc.) PKCS#15 capable smart card A reader supported by OpenSC opensc, pcscd