    shell/keyscan.sh: added automatic keyfile scan for cryptsetup · 7e321e68
    (Holloway), Chew Kean Ho authored
    As Linux technologies evolve, full disk encryption is now a
    compulsory demand. However, that introduces a new set of passphrases
    to remember. This is okay for Linux super users and developers; but
    painful for normal users.
    After researching wejn's research for spinning cryptsetup keyfile at:
      - https://wejn.org/how-to-make-passwordless-cryptsetup.html
      - https://wejn.org/stuff/tb-crypto-usb-key.sh.html
    The amended script is very dirty and not unit-testable.
    Hence, there is a need for a complete re-write of the entire script
    without discarding many authors' efforts for it.
    In the meantime, the re-write also performs a few added features:
    1. Perform variable counts (avoid wastage and removed redundants)
    2. Functionalized the process flows
    3. Added automatic installation as per guide
    4. Added automatic uninstallation
    5. Added automatic initramfs
    6. Updated for Debian Stretch
    7. Converted syntax to POSIX compliant
    8. Automatic key generations
    9. Rename the script as keyscan.sh, /usr/local/sbin/keyscan
    10. Perform password zeroing and cleanup after use
    11. Simplified status and debug printout with single _print_status
    12. Added trap for graceful exit
    13. Amended stty and read with device specific piping
    14. Added cryptsetup passphrase and keyfile verification
    This patch adds the new keyscan.sh script into the repository as a
    continuation of efforts from wejn et al.
    Signed-off-by: (Holloway) Chew, Kean Ho <kean.ho.chew@zoralab.com>
keyscan.sh 19.4 KB