ryancdotorg/keychain_format.sh

## keychain_format.sh
#!/bin/sh
umask 077
TMPDIR=`mktemp -d /dev/shm/luks.XXXXXXXX`
if [ -d $TMPDIR ]
then
	openssl rand -engine rdrand -base64 64 | tr -d '\n' > $TMPDIR/key
	cryptsetup -i 10 -s 128 -d $TMPDIR/key luksFormat $1
	if [ $? -eq 0 ]
	then
		UUID=`cryptsetup luksUUID $1`
		mv $TMPDIR/key /keys/$UUID.dat
		rmdir $TMPDIR
		cryptsetup --header-backup-file /keys/header-backups/$UUID.hdr luksHeaderBackup $1
		if [ -n "$2" ]
		then
			echo "$2_`echo $UUID | cut -c 1-4`" UUID=$UUID none luks,keyscript=/usr/local/sbin/luks_keychain >> /etc/crypttab
		else
			echo "`echo $UUID | cut -c 1-8`" UUID=$UUID none luks,keyscript=/usr/local/sbin/luks_keychain >> /etc/crypttab
		fi
		echo UUID: $UUID
	fi
fi
	#!/bin/sh
	umask 077
	TMPDIR=`mktemp -d /dev/shm/luks.XXXXXXXX`
	if [ -d $TMPDIR ]
	then
	openssl rand -engine rdrand -base64 64 \| tr -d '\n' > $TMPDIR/key
	cryptsetup -i 10 -s 128 -d $TMPDIR/key luksFormat $1
	if [ $? -eq 0 ]
	then
	UUID=`cryptsetup luksUUID $1`
	mv $TMPDIR/key /keys/$UUID.dat
	rmdir $TMPDIR
	cryptsetup --header-backup-file /keys/header-backups/$UUID.hdr luksHeaderBackup $1
	if [ -n "$2" ]
	then
	echo "$2_`echo $UUID \| cut -c 1-4`" UUID=$UUID none luks,keyscript=/usr/local/sbin/luks_keychain >> /etc/crypttab
	else
	echo "`echo $UUID \| cut -c 1-8`" UUID=$UUID none luks,keyscript=/usr/local/sbin/luks_keychain >> /etc/crypttab
	fi
	echo UUID: $UUID
	fi
	fi