mirror of
https://github.com/systemd/systemd.git
synced 2024-10-30 14:55:37 +03:00
7a17e41dcf
(The one case that is left unchanged is '< <(subcommand)'.) This way, the style with no gap was already dominant. This way, the reader immediately knows that ' < ' is a comparison operator and ' << ' is a shift. In a few cases, replace custom EOF replacement by just EOF. There is no point in using someting like "_EOL" unless "EOF" appears in the text.
29 lines
1.1 KiB
Bash
29 lines
1.1 KiB
Bash
# SPDX-License-Identifier: MIT-0
|
|
|
|
# Destroy any old key on the Yubikey (careful!)
|
|
ykman piv reset
|
|
|
|
# Generate a new private/public key pair on the device, store the public key in
|
|
# 'pubkey.pem'.
|
|
ykman piv generate-key -a RSA2048 9d pubkey.pem
|
|
|
|
# Create a self-signed certificate from this public key, and store it on the
|
|
# device. The "subject" should be an arbitrary user-chosen string to identify
|
|
# the token with.
|
|
ykman piv generate-certificate --subject "Knobelei" 9d pubkey.pem
|
|
|
|
# We don't need the public key anymore, let's remove it. Since it is not
|
|
# security sensitive we just do a regular "rm" here.
|
|
rm pubkey.pem
|
|
|
|
# Enroll the freshly initialized security token in the LUKS2 volume. Replace
|
|
# /dev/sdXn by the partition to use (e.g. /dev/sda1).
|
|
sudo systemd-cryptenroll --pkcs11-token-uri=auto /dev/sdXn
|
|
|
|
# Test: Let's run systemd-cryptsetup to test if this all worked.
|
|
sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - pkcs11-uri=auto
|
|
|
|
# If that worked, let's now add the same line persistently to /etc/crypttab,
|
|
# for the future.
|
|
sudo bash -c 'echo "mytest /dev/sdXn - pkcs11-uri=auto" >>/etc/crypttab'
|