Closed petrkr closed 6 years ago
Fixed. I removed pinentry usage entirely (replaced by "/lib/cryptsetup/askpass" by default). It can be changed using option -a.
TREZOR_CIPHER_VALUE="test data" trezorCipherKeyValue -e -H
P.S.: So within initrd you can use:
TREZOR_CIPHER_VALUE="trezor&luks" trezorCipherKeyValue -d | cryptsetup <command> --key-file - [options]
As I want to use this at boot, I need stdout clear, because cryptsetup in Ubuntu/Mint calls the keyscript and pipes its output to cryptsetup as the password.
But if the Trezor has a password enabled, the ncurses PIN entry will also write to stdout and will add a mess to the password.
There are two solutions: print everything to stderr in that case. But I also need (if plymouth is active and used) to call an external script/command for the user's input.
I suggest something like 'trezorCipherKeyValue --pincommand "/path/to/exec"': instead of creating its own PIN entry method, call this script and read its stdout as the PIN.
For testing you can use, for example, the "askpass" command from Ubuntu/Mint, mostly in /lib/cryptosomething/askpass
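
The stdout problem described in the issue above, as an added example that is not part of the thread or the project's code: a keyscript whose UI text reaches stdout corrupts the passphrase its consumer reads, while one that sends prompts to stderr and reads the PIN from an external helper's stdout does not. The names `fake_askpass`, `fake_unlock`, `keyscript_noisy`, `keyscript_clean` and `passphrase_len` are hypothetical stand-ins, and the PIN and key values are constructed.

```shell
#!/bin/sh
# Constructed stand-ins; none of these names come from the project.

# Stand-in for an external PIN helper with the askpass contract:
# prompt passed as argument, answer written to stdout.
fake_askpass() {
    printf '%s' "1234"          # constructed PIN
}

# Stand-in for the device call that turns the PIN into key material.
fake_unlock() {
    printf 'KEY(%s)' "$1"       # constructed value, not real crypto
}

# Broken: UI text lands on stdout together with the key.
keyscript_noisy() {
    echo "Please enter PIN"
    pin=$(fake_askpass "PIN: ")
    echo "PIN accepted"
    fake_unlock "$pin"
}

# Fixed: stdout carries only the key; prompts and errors go to stderr.
# $1 is the PIN helper to run (defaults to the stand-in above).
keyscript_clean() {
    pin_cmd=${1:-fake_askpass}
    echo "Please enter PIN" >&2
    pin=$("$pin_cmd" "PIN: ") || { echo "PIN helper failed" >&2; return 1; }
    [ -n "$pin" ] || { echo "empty PIN" >&2; return 1; }
    echo "PIN accepted" >&2
    fake_unlock "$pin"
}

# Number of bytes a consumer reading stdout would take as the passphrase.
passphrase_len() {
    "$@" 2>/dev/null | wc -c | tr -d ' '
}

# Report both lengths on stderr so this script's own stdout stays empty.
echo "clean: $(passphrase_len keyscript_clean) bytes," \
     "noisy: $(passphrase_len keyscript_noisy) bytes" >&2
```

On failure `keyscript_clean` returns non-zero and writes nothing to stdout, so a consumer never receives a partial or empty-looking key mixed with error text.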