initrd_luks_pkcs/etc/default/decrypt_pkcs

# Decrypt_PKCS initramfs configuration 

# Smartcard presence test 
#SMARTCARD_PRESENCE_COMMAND=/usr/bin/opensc-tool
#SMARTCARD_PRESENCE_ARGS='-n'
SMARTCARD_PRESENCE_COMMAND=/usr/bin/opensc-tool
SMARTCARD_PRESENCE_ARGS='-n'

# PKCS decipher command default to pkcs15-crypt
#DECIPHER_COMMAND=/usr/bin/pkcs15-crypt
DECIPHER_COMMAND=

# PKCS decipher extra library (usefull with pkcs11 or custom command)
# The initramfs hook will search in the multiarch default library path 
# eg where the libc is stored and its subfolders.
# Wildcard is allowed by using the find command
DECIPHER_EXTRA_LIBS=

# Define command parameters
# DECIPHER_ARGS is followed by the data to decipher
# DECIPHER_EXTRA_ARGS allow customization
# DECIPHER_ASKPIN is followed by the PIN input from user
# Default value for pkcs15-crypt 
#DECIPHER_ARGS='--decipher --pkcs1 --raw --input'
#DECIPHER_ASK_PIN='--pin'
DECIPHER_ARGS=
DECIPHER_ASK_PIN=

# Support multiple key files
# Default behaviour use the key file provided by crypttab 
#DECIPHER_MULTI=0
#DECIPHER_MULTI_FOLDER=
#DECIPHER_MULTI_PATTERN=
#DECIPHER_MULTI_SCRIPT=
#DECIPHER_MULTI_SCRIPT_DEPENDS=
DECIPHER_MULTI=0
# The keys are in /etc/keys/internal-"$EncodedSerial".enc
# The key file extension .enc is hardcoded
DECIPHER_MULTI_FOLDER="/etc/keys"
DECIPHER_MULTI_PATTERN="internal-"
# This script should return the approriate encrypted file for the current token
# It can export the $DECIPHER_EXTRA_ARGS to pass arguments to the decipher command
# such as slot specification, id filter ...
DECIPHER_MULTI_SCRIPT="/usr/share/decrypt_pkcs/pkcs15_get-key.sh"
# Script dependancies included in the initramfs
DECIPHER_MULTI_SCRIPT_DEPENDS="/usr/bin/pkcs15-tool"
[feat] Add multi keys support 2021-04-11 14:29:58 +00:00			`# Decrypt_PKCS initramfs configuration`

			`# Smartcard presence test`
			`#SMARTCARD_PRESENCE_COMMAND=/usr/bin/opensc-tool`
			`#SMARTCARD_PRESENCE_ARGS='-n'`
			`SMARTCARD_PRESENCE_COMMAND=/usr/bin/opensc-tool`
			`SMARTCARD_PRESENCE_ARGS='-n'`

			`# PKCS decipher command default to pkcs15-crypt`
			`#DECIPHER_COMMAND=/usr/bin/pkcs15-crypt`
			`DECIPHER_COMMAND=`

			`# PKCS decipher extra library (usefull with pkcs11 or custom command)`
			`# The initramfs hook will search in the multiarch default library path`
			`# eg where the libc is stored and its subfolders.`
			`# Wildcard is allowed by using the find command`
			`DECIPHER_EXTRA_LIBS=`

			`# Define command parameters`
			`# DECIPHER_ARGS is followed by the data to decipher`
			`# DECIPHER_EXTRA_ARGS allow customization`
			`# DECIPHER_ASKPIN is followed by the PIN input from user`
			`# Default value for pkcs15-crypt`
			`#DECIPHER_ARGS='--decipher --pkcs1 --raw --input'`
			`#DECIPHER_ASK_PIN='--pin'`
			`DECIPHER_ARGS=`
			`DECIPHER_ASK_PIN=`

			`# Support multiple key files`
			`# Default behaviour use the key file provided by crypttab`
			`#DECIPHER_MULTI=0`
			`#DECIPHER_MULTI_FOLDER=`
			`#DECIPHER_MULTI_PATTERN=`
			`#DECIPHER_MULTI_SCRIPT=`
			`#DECIPHER_MULTI_SCRIPT_DEPENDS=`
			`DECIPHER_MULTI=0`
			`# The keys are in /etc/keys/internal-"$EncodedSerial".enc`
			`# The key file extension .enc is hardcoded`
			`DECIPHER_MULTI_FOLDER="/etc/keys"`
			`DECIPHER_MULTI_PATTERN="internal-"`
			`# This script should return the approriate encrypted file for the current token`
			`# It can export the $DECIPHER_EXTRA_ARGS to pass arguments to the decipher command`
			`# such as slot specification, id filter ...`
			`DECIPHER_MULTI_SCRIPT="/usr/share/decrypt_pkcs/pkcs15_get-key.sh"`
			`# Script dependancies included in the initramfs`
			`DECIPHER_MULTI_SCRIPT_DEPENDS="/usr/bin/pkcs15-tool"`