Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Modified version of Debian's cryptsetup hook for GnuPG Smartcard unlock
#!/bin/sh
if [ -d "/cryptroot/gnupghome" ]; then
export GNUPGHOME="/cryptroot/gnupghome"
fi
run_gpg() {
/usr/bin/gpg --no-options --trust-model=always "$@"
}
decrypt_gpg () {
if ! /lib/cryptsetup/askpass "Enter smartcard PIN: " | \
run_gpg --quiet --batch \
--pinentry-mode loopback --passphrase-fd 0 \
--no-tty --decrypt -- "$1"; then
return 1
fi
return 0
}
if ! run_gpg --batch --quiet --no-tty --card-status >/dev/null; then
echo "Please insert OpenPGP SmartCard..." >&2
fi
if [ ! -x /usr/bin/gpg ]; then
echo "$0: /usr/bin/gpg is not available" >&2
exit 1
fi
if [ -z "$1" ] || [ ! -f "$1" ]; then
echo "$0: missing key as argument" >&2
exit 1
fi
decrypt_gpg "$1"
exit $?
@AfroThundr3007730

This comment has been minimized.

Copy link
Owner Author

@AfroThundr3007730 AfroThundr3007730 commented Jul 20, 2020

This version will work with a plymouth boot splash enabled. It can be used by following the setup process detailed here.

Also worth checking out this repo and also this pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment