SYNOPSIS

yubikey-luks-enroll [ -s 3 ] [ -d /dev/sda6 ] [ -c ]

DESCRIPTION

With this tool you can take a YubiKey with challenge-response enabled on slot 2 to add a LUKS / cryptsetup key slot.

Your chosen PIN or password, plus your YubiKey can generate a response that is added as a key to the cryptsetup disk.

On the next boot you can insert your YubiKey into a USB slot, enter your password, to unlock the disk. Alternatively you can enter any other passphrase that is valid for that disk.

OPTIONS

The following options change the behavior of the tool.

-h

Show summary of options.

-s

The LUKS slot to save the passphrase to. (default: 7)

-c

Clear the chosen LUKS slot at first.

-d

The disk device to work with (default: /dev/sda3)