Multiple Yubikey support #76

Open
TechCiel opened this issue Feb 4, 2021 · 2 comments

TechCiel commented Feb 4, 2021

Thank you for your nice work! This script may run into an error when multiple Yubikeys are connected. A way to resolve this could be to bind the serial of the Yubikey in the config.

Collaborator

Vincent43 commented Feb 4, 2021

I don't see the option to call a Yubikey by serial in the ykchalresp docs. Also, the key order appears to be random. If that's true, then this may not be doable.

Author

TechCiel commented Feb 4, 2021

Hi @Vincent43, thanks for this quick reply.

Considering it's very rare to have plenty of Yubikeys connected, I've figured out a way to traverse and compare serials.

BTW, even if the key order number is not random, setting a fixed one won't make sense as I may have different sets of keys connected on startup.

The following code is from my local initramfs hook script, which is working seamlessly like a transparent BitLocker on Linux.

YKFDE_KEY_SERIAL='12345678'
run_hook() {
	local dev_no='-1'
	local key_present=''
	local _tmp
# other code...
	# Walk device indexes from 0 until the configured serial is found
	# or ykinfo fails (no key at that index).
	while [ -z "$key_present" ]; do
		dev_no=$((dev_no + 1))
		_tmp="$(ykinfo -sqn"$dev_no" 2>&1)" || break
		[ "$_tmp" = "$YKFDE_KEY_SERIAL" ] && key_present=1
	done
# other code...
	# Send the challenge to the device index selected by the loop above.
	_ykfde_response="$(printf %s "$YKFDE_CHALLENGE" | ykchalresp -n"$dev_no" -"$YKFDE_CHALLENGE_SLOT" -i-)"
# other code...
}
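
Added example, not part of the issue thread or the project's code: a variant of the serial lookup from the comment above that returns a distinct failure when the configured key is absent (so the caller can skip the challenge instead of sending it to whatever index the scan stopped at), caps the scan, and keeps stderr out of the comparison. `yk_index_for_serial`, `YKINFO_BIN`, `YK_MAX_DEVICES` and the `fake_ykinfo` stand-in are hypothetical names; it assumes, as the posted hook does, that `ykinfo -sqnN` prints the serial and exits non-zero when no key exists at index N.

```sh
#!/bin/sh
# Added example; YKINFO_BIN, YK_MAX_DEVICES and fake_ykinfo are hypothetical names.

# Print the index of the connected key whose serial equals $1.
# Returns 0 on a match, 1 if no connected key matches, 2 on a malformed serial.
yk_index_for_serial() {
	_yk_want="$1"
	# Assumption: serials are plain decimal strings; reject anything else.
	case "$_yk_want" in
		''|*[!0-9]*) return 2 ;;
	esac
	_yk_n=0
	# Cap the scan so a misbehaving tool cannot stall boot forever.
	while [ "$_yk_n" -lt "${YK_MAX_DEVICES:-8}" ]; do
		# Same call as the posted hook, but stderr is dropped so an error
		# message is never compared against the serial.
		_yk_got="$("${YKINFO_BIN:-ykinfo}" -sqn"$_yk_n" 2>/dev/null)" || return 1
		if [ "$_yk_got" = "$_yk_want" ]; then
			printf '%s\n' "$_yk_n"
			return 0
		fi
		_yk_n=$((_yk_n + 1))
	done
	return 1
}

# Constructed stand-in for ykinfo: keys at index 0 and 1, failure elsewhere.
fake_ykinfo() {
	case "$1" in
		-sqn0) echo 11111111 ;;
		-sqn1) echo 12345678 ;;
		*) echo "constructed error: no key at this index" >&2; return 1 ;;
	esac
}

# Demo against the stand-in; unset YKINFO_BIN to query real hardware.
YKINFO_BIN=fake_ykinfo
if idx="$(yk_index_for_serial 12345678)"; then
	echo "send challenge with: ykchalresp -n$idx ..."
else
	echo "configured key not connected; challenge not sent" >&2
fi
```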
