initrd_luks_pkcs/etc/default/decrypt_pkcs
2021-05-02 08:51:25 +02:00

46 lines
1.6 KiB
Text

# Decrypt_PKCS initramfs configuration
# Smartcard presence test
#SMARTCARD_PRESENCE_COMMAND=/usr/bin/opensc-tool
#SMARTCARD_PRESENCE_ARGS='-n'
SMARTCARD_PRESENCE_COMMAND=/usr/bin/opensc-tool
SMARTCARD_PRESENCE_ARGS='-n'
# PKCS decipher command default to pkcs15-crypt
#DECIPHER_COMMAND=/usr/bin/pkcs15-crypt
DECIPHER_COMMAND=
# PKCS decipher extra library (usefull with pkcs11 or custom command)
# The initramfs hook will search in the multiarch default library path
# eg where the libc is stored and its subfolders.
# Wildcard is allowed by using the find command
DECIPHER_EXTRA_LIBS=
# Define command parameters
# DECIPHER_ARGS is followed by the data to decipher
# DECIPHER_EXTRA_ARGS allow customization
# DECIPHER_ASKPIN is followed by the PIN input from user
# Default value for pkcs15-crypt
#DECIPHER_ARGS='--decipher --pkcs1 --raw --input'
#DECIPHER_ASK_PIN='--pin'
DECIPHER_ARGS=
DECIPHER_ASK_PIN=
# Support multiple key files
# Default behaviour use the key file provided by crypttab
#DECIPHER_MULTI=0
#DECIPHER_MULTI_FOLDER=
#DECIPHER_MULTI_PATTERN=
#DECIPHER_MULTI_SCRIPT=
#DECIPHER_MULTI_SCRIPT_DEPENDS=
DECIPHER_MULTI=0
# The keys are in /etc/keys/internal-"$EncodedSerial".enc
# The key file extension .enc is hardcoded
DECIPHER_MULTI_FOLDER="/etc/keys"
DECIPHER_MULTI_PATTERN="internal-"
# This script should return the approriate encrypted file for the current token
# It can export the $DECIPHER_EXTRA_ARGS to pass arguments to the decipher command
# such as slot specification, id filter ...
DECIPHER_MULTI_SCRIPT="/usr/share/decrypt_pkcs/pkcs15_get-key.sh"
# Script dependancies included in the initramfs
DECIPHER_MULTI_SCRIPT_DEPENDS="/usr/bin/pkcs15-tool"