agherzan / yubikey-full-disk-encryption

Use YubiKey to unlock a LUKS partition
Apache License 2.0

Multiple Yubikey support #76

Open TechCiel opened 3 years ago

TechCiel commented 3 years ago

Thank you for your nice work! This script may run into errors when multiple YubiKeys are connected. A way to resolve this could be to bind the serial of the YubiKey in the config.

Vincent43 commented 3 years ago

I don't see an option to call a YubiKey by serial in the ykchalresp docs. Also the key order appears to be random. If that's true then this may not be doable.

TechCiel commented 3 years ago

Hi @Vincent43 , thanks for this quick reply.

Considering it's very rare to have many YubiKeys connected, I've figured out a way to traverse the devices and compare serials.

BTW, even if the key order number is not random, setting a fixed one wouldn't make sense, as I may have different sets of keys connected at startup.

The following code is from my local initramfs hook script, which works seamlessly, like a transparent BitLocker on Linux.


YKFDE_KEY_SERIAL='12345678'
run_hook() {
    local dev_no='-1'
    local key_present=''
    local _tmp
# other code...
    while [ -z "$key_present" ]; do
        dev_no=$((dev_no + 1))
        _tmp="$(ykinfo -sqn"$dev_no" 2>&1)" || break
        [ "$_tmp" == "$YKFDE_KEY_SERIAL" ] && key_present=1
    done
# other code...
    _ykfde_response="$(printf %s "$YKFDE_CHALLENGE" | ykchalresp -n"$dev_no" -"$YKFDE_CHALLENGE_SLOT" -i-)"
# other code...
}
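As an added example (not code from the issue's author or from the project), here is a POSIX sh version of the same idea that walks every device index until the configured serial is found, bounds the walk, and then runs the challenge-response against that index only. The names `YKFDE_PROBE_CMD`, `YKFDE_CHALRESP_CMD` and `YKFDE_MAX_DEVICES` are assumptions of this example, introduced so that `ykinfo` and `ykchalresp` can be swapped for stubs when testing without hardware; they are not config keys of the project.

```sh
#!/bin/sh
# Added example (not the project's hook code and not the code posted above):
# select a YubiKey by serial instead of by device index, then run the
# challenge-response against that device only. Assumes ykinfo and ykchalresp
# from yubikey-personalization; YKFDE_PROBE_CMD, YKFDE_CHALRESP_CMD and
# YKFDE_MAX_DEVICES are names invented for this example so the two tools can
# be replaced by stubs without hardware.
: "${YKFDE_PROBE_CMD:=ykinfo}"
: "${YKFDE_CHALRESP_CMD:=ykchalresp}"
: "${YKFDE_MAX_DEVICES:=16}"   # upper bound so a misbehaving probe cannot loop forever

# ykfde_find_dev_by_serial SERIAL
# Prints the 0-based device index (the value ykinfo/ykchalresp take via -n)
# of the connected key whose serial equals SERIAL; returns 1 if none matches.
# Enumeration order is irrelevant because every index is inspected.
ykfde_find_dev_by_serial() {
    serial="$1"
    dev_no=0
    while [ "$dev_no" -lt "$YKFDE_MAX_DEVICES" ]; do
        # -s: print the serial, -q: value only, -n: device index.
        # A non-zero exit means we walked past the last connected key.
        found="$("$YKFDE_PROBE_CMD" -sqn "$dev_no" 2>/dev/null)" || return 1
        if [ "$found" = "$serial" ]; then
            printf '%s\n' "$dev_no"
            return 0
        fi
        dev_no=$((dev_no + 1))
    done
    return 1
}

# ykfde_challenge_by_serial SERIAL SLOT CHALLENGE
# Resolves SERIAL to a device index and feeds CHALLENGE to that key's SLOT
# (1 or 2) via stdin; prints the response, or fails if the key is absent.
ykfde_challenge_by_serial() {
    serial="$1"; slot="$2"; challenge="$3"
    dev_no="$(ykfde_find_dev_by_serial "$serial")" || {
        echo "ykfde: no connected YubiKey has serial $serial" >&2
        return 1
    }
    printf '%s' "$challenge" | "$YKFDE_CHALRESP_CMD" -n "$dev_no" -"$slot" -i-
}

# Stand-alone use against real hardware:  sh ykfde_serial.sh SERIAL SLOT CHALLENGE
if [ "$#" -eq 3 ]; then
    ykfde_challenge_by_serial "$1" "$2" "$3"
fi
```

Two things differ from a plain index loop: the walk is capped by `YKFDE_MAX_DEVICES`, so a probe that never reports failure cannot hang the boot, and a missing key is reported as a hard failure rather than silently using the last index tried. Because every index is compared against the serial, the random ordering mentioned above does not matter.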