On Wed, Aug 1, 2018 at 7:32 PM Peter Lebbing <[email protected]> wrote:
> AFAIK, this is just systemd delegating passphrase querying to the
> physically present user. I suppose if you could somehow influence where
> it got the passphrase from, there might be a way to achieve it, but I
> have no idea how. That's all the direction I can provide.


I have a similar setup where at boot time I use GnuPG to decrypt my
drive with keys protected by GnuPG (instead of using LUKS).

I have managed to instruct GnuPG to use `systemd-ask-password` to
retrieve the password.  However I imagine that with some "tinkering"
one can implement a simple PIN-entry application to use
`systemd-ask-password`, and thus manage to make the whole setup work
with a smart card.

My script and systemd service file can be found at the following link:

  https://gist.github.com/cipriancraciun/c8a0dfb973b586053c167fec91093d9c

You just need to place these somewhere, update your paths (especially
in the `.service` file by replacing `store` and `lvm` with appropriate
tokens), and it should work by just updating your `/etc/fstab`.
(These were developed and tested only on OpenSUSE.)

Hope it helps,
Ciprian.


P.S.:  I really love GnuPG for its crypto-related features, but on the
flip-side I really hate it for its "integration" related features
within environments where it shouldn't double fork processes (like its
agent), muck with the TTY (like when reading passwords by the agent),
and in general just be "well behaved"...

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
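
Added example (not part of the original message or the linked gist): a sketch of the "simple PIN-entry application" idea mentioned above, speaking the pinentry side of the Assuan protocol and delegating the prompt to `systemd-ask-password`. The `ASK_CMD` variable, the function names and the 60-second timeout are assumptions of this sketch.

```shell
#!/bin/sh
# Added illustration: minimal pinentry (Assuan protocol) that gets the
# passphrase from systemd-ask-password. ASK_CMD and the function names are
# assumptions of this sketch, not taken from the linked gist.
ASK_CMD=${ASK_CMD:-systemd-ask-password}
CR=$(printf '\r')

# Data lines must percent-escape '%', CR and LF; the passphrase is one line,
# so only '%' and CR can occur.
assuan_encode() { printf '%s\n' "$1" | sed -e 's/%/%25/g' -e "s/$CR/%0D/g"; }

# Decode the escapes Assuan requires in command arguments; line breaks
# become spaces because the prompt is shown on one line.
assuan_decode() { printf '%s\n' "$1" | sed -e 's/%0[AaDd]/ /g' -e 's/%25/%/g'; }

pinentry_serve() {
  desc= prompt='Passphrase:'
  echo 'OK Pleased to meet you'
  while IFS= read -r line; do
    line=${line%"$CR"}
    cmd=${line%% *} arg=
    case $line in *' '*) arg=${line#* } ;; esac
    case $cmd in
      SETDESC)   desc=$(assuan_decode "$arg"); echo OK ;;
      SETPROMPT) prompt=$(assuan_decode "$arg"); echo OK ;;
      GETINFO)   case $arg in pid) echo "D $$" ;; esac; echo OK ;;
      GETPIN)
        # stdin is the Assuan pipe, so keep the helper away from it.
        if pin=$("$ASK_CMD" --no-tty --timeout=60 \
                 "${desc:+$desc }$prompt" </dev/null); then
          printf 'D %s\nOK\n' "$(assuan_encode "$pin")"
        else
          echo 'ERR 83886179 Operation cancelled <Pinentry>'
        fi
        pin= ;;
      BYE) echo 'OK closing connection'; return 0 ;;
      *)   echo OK ;;  # accept and ignore commands not implemented here
    esac
  done
}

# Serve only when installed under a pinentry* name, e.g. the file that
# gpg-agent.conf points to with "pinentry-program".
case ${0##*/} in pinentry*) pinentry_serve ;; esac
```

The passphrase only ever travels over the pipe to gpg-agent; it is never passed as a command-line argument or written to disk.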
