Created
July 20, 2020 07:38
-
-
Save AfroThundr3007730/196e18268a09c95ebed8f256585cee04 to your computer and use it in GitHub Desktop.
Modified version of Debian's cryptsetup hook for GnuPG Smartcard unlock
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| if [ -d "/cryptroot/gnupghome" ]; then | |
| export GNUPGHOME="/cryptroot/gnupghome" | |
| fi | |
| run_gpg() { | |
| /usr/bin/gpg --no-options --trust-model=always "$@" | |
| } | |
| decrypt_gpg () { | |
| if ! /lib/cryptsetup/askpass "Enter smartcard PIN: " | \ | |
| run_gpg --quiet --batch \ | |
| --pinentry-mode loopback --passphrase-fd 0 \ | |
| --no-tty --decrypt -- "$1"; then | |
| return 1 | |
| fi | |
| return 0 | |
| } | |
| if ! run_gpg --batch --quiet --no-tty --card-status >/dev/null; then | |
| echo "Please insert OpenPGP SmartCard..." >&2 | |
| fi | |
| if [ ! -x /usr/bin/gpg ]; then | |
| echo "$0: /usr/bin/gpg is not available" >&2 | |
| exit 1 | |
| fi | |
| if [ -z "$1" ] || [ ! -f "$1" ]; then | |
| echo "$0: missing key as argument" >&2 | |
| exit 1 | |
| fi | |
| decrypt_gpg "$1" | |
| exit $? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This version will work with a plymouth boot splash enabled. It can be used by following the setup process detailed here.
Also worth checking out this repo and also this pull request.