LUKS and Yubikey on Buster

Linux Kernel, Network, and Services configuration.
gpdsbe1
Posts: 1
Joined: 2019-02-19 17:50

#1 Post by gpdsbe1 »

Hi! :)
I'm trying to use a YubiKey with disk encryption.

Code:

$ sudo cryptsetup luksDump /dev/nvme0n1p3 
LUKS header information for /dev/nvme0n1p3

Version:       	1
Cipher name:   	aes
Cipher mode:   	xts-plain64
Hash spec:     	sha256
Payload offset:	4096
MK bits:       	512
MK digest:     	bc b5 0d aa c6 1c d6 96 fc f3 48 d8 3d be a4 87 40 86 8b c5 
MK salt:       	77 3e e6 cb 88 a1 2f 20 91 c0 56 03 d3 70 e1 9c 
               	31 a2 7a 21 da 0e be a5 34 d1 db b2 de 29 d4 77 
MK iterations: 	225250
UUID:          	eab1b440-5be4-42b3-98cf-de3bde2b9f54

Key Slot 0: ENABLED
	Iterations:         	1802816
	Salt:               	a7 01 a3 01 11 aa 89 16 6e cd 58 dd 29 16 0b 06 
	                      	3c 77 85 a2 0d 52 df df aa d8 40 00 c4 aa d8 78 
	Key material offset:	8
	AF stripes:            	4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

I tried

Code:

$ sudo ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible
Firmware version 3.4.9 Touch level 1287 Program sequence 3

Configuration data to be written to key configuration 2:

fixed: m:
uid: n/a
key: h:ad23d4aab804c7acb297aa580c75e321f42f4fd4
acc_code: h:000000000000
OATH IMF: h:0
ticket_flags: CHAL_RESP
config_flags: CHAL_HMAC|HMAC_LT64
extended_flags: SERIAL_API_VISIBLE

Then I try to use yubikey-luks-enroll to set the slot

Code:

$ sudo yubikey-luks-enroll -d /dev/nvme0n1p3 -s 7
setting disk to /dev/nvme0n1p3.
setting slot to 7.
This script will utilize slot 7 on drive /dev/nvme0n1p3.  If this is not what you intended, exit now!
Adding yubikey to initrd
Please enter the yubikey challenge password. This is the password that will only work while your yubikey is installed in your computer: *************
Please enter the yubikey challenge password again: *************
Please provide an existing passphrase. This is NOT the passphrase you just entered, this is the passphrase that you currently use to unlock your LUKS encrypted drive: *******************************

Code:

$ sudo cryptsetup luksDump /dev/nvme0n1p3 
LUKS header information for /dev/nvme0n1p3

Version:       	1
Cipher name:   	aes
Cipher mode:   	xts-plain64
Hash spec:     	sha256
Payload offset:	4096
MK bits:       	512
MK digest:     	bc b5 0d aa c6 1c d6 96 fc f3 48 d8 3d be a4 87 40 86 8b c5 
MK salt:       	77 3e e6 cb 88 a1 2f 20 91 c0 56 03 d3 70 e1 9c 
               	31 a2 7a 21 da 0e be a5 34 d1 db b2 de 29 d4 77 
MK iterations: 	225250
UUID:          	eab1b440-5be4-42b3-98cf-de3bde2b9f54

Key Slot 0: ENABLED
	Iterations:         	1802816
	Salt:               	a7 01 a3 01 11 aa 89 16 6e cd 58 dd 29 16 0b 06 
	                      	3c 77 85 a2 0d 52 df df aa d8 40 00 c4 aa d8 78 
	Key material offset:	8
	AF stripes:            	4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: ENABLED
	Iterations:         	2052006
	Salt:               	8d 37 1a 77 53 f6 56 82 03 fe 23 1a c7 09 84 14 
	                      	77 e0 45 4e c2 2c 22 87 de af 0a b3 f6 8b 45 36 
	Key material offset:	3536
	AF stripes:            	4000

When I reboot my system I get a prompt to unlock nvme0n1p3_crypt. I insert the YubiKey and enter the password but nothing happens. The YubiKey doesn't even change its blinking rate, so I guess it doesn't get anything.

By the way, this is my partition layout:

Code:

$ lsblk
NAME                    MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
nvme0n1                 259:0    0 238.5G  0 disk  
├─nvme0n1p1             259:1    0   512M  0 part  /boot/efi
├─nvme0n1p2             259:2    0   244M  0 part  /boot
└─nvme0n1p3             259:3    0 237.8G  0 part  
  └─nvme0n1p3_crypt     254:0    0 237.8G  0 crypt 
    ├─Laptop--vg-root   254:1    0   230G  0 lvm   /
    └─Laptop--vg-swap_1 254:2    0   7.7G  0 lvm   [SWAP]

I've been stuck at this point for a couple of days. :cry:

Thanks in advance for your help!

PS1. On my old computer with Debian Stretch, the procedure I just followed worked perfectly!
PS2. I'm sorry if this post is in the wrong category. I guess it could be in Hardware.
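
Added example, not part of the original post and not code from cryptsetup or yubikey-luks: a shell check that compares two saved `cryptsetup luksDump` captures in the LUKS1 layout shown above and confirms that enrollment changed only the intended key slot and left the master-key digest alone. The function names and the sample dumps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Report key slots whose state or iteration count differs between two
# saved LUKS1 luksDump captures ($1 = before, $2 = after).
luks1_slot_diff() {
  awk '
    FNR == 1 { n++; slot = "" }   # n = 1 for "before", 2 for "after"
    /^MK digest:/ { mk[n] = $0 }
    /^Key Slot [0-7]:/ {
      slot = $3; sub(/:$/, "", slot)
      st[n, slot] = $4; it[n, slot] = "-"
      next
    }
    slot != "" && $1 == "Iterations:" { it[n, slot] = $2 }
    END {
      if (mk[1] != mk[2]) print "master-key digest changed"
      for (s = 0; s <= 7; s++)
        if (st[1, s] != st[2, s] || it[1, s] != it[2, s])
          printf "slot %d: %s -> %s\n", s, st[1, s], st[2, s]
    }
  ' "$1" "$2"
}

# Succeed only if the sole change is slot $3 going DISABLED -> ENABLED.
luks1_enroll_ok() {
  [ "$(luks1_slot_diff "$1" "$2")" = "slot $3: DISABLED -> ENABLED" ]
}

# Constructed sample dump (made-up values); args are the enabled slot numbers.
sample_dump() {
  printf 'Version:\t1\nMK digest:\t00 11 22 33\nMK iterations:\t100000\n\n'
  for s in 0 1 2 3 4 5 6 7; do
    case " $* " in
      *" $s "*) printf 'Key Slot %s: ENABLED\n\tIterations:\t%s\n\tKey material offset:\t8\n' \
                  "$s" "$((1000000 + s))" ;;
      *) printf 'Key Slot %s: DISABLED\n' "$s" ;;
    esac
  done
}

tmp=$(mktemp -d)
sample_dump 0   > "$tmp/before"   # only the original passphrase slot
sample_dump 0 7 > "$tmp/after"    # slot 7 added by enrollment
luks1_slot_diff "$tmp/before" "$tmp/after"
```

On a real system the two inputs would be `luksDump` output saved before and after running the enrollment tool; LUKS2 headers print a different layout and are not handled here.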