Full Disk Encryption with YubiKey
My reason for writing this utility is to support Full Disk Encryption using a hardware key like the YubiKey. Normally, the applications that do this pull in a pretty tall stack of code: a USB library, a smart card library, possibly an access broker for card readers, the actual card driver, plus a crypto library.
That is quite a lot, even if you're just considering a systemd-boot based scenario where you can copy your boot time environment to the initrd. However, the amount of code you depend on becomes prohibitive if you think about adding this code to a boot loader like GRUB.
Fortunately, the actual code required to make this work is much smaller. It turns out that you can do it in 3167 LoC.
Goal for this Hackweek
Write a minimal utility that is capable of decrypting a small secret using a YubiKey device.
Status as of this week: A working demo exists, code is available from https://github.com/okirch/utoken-decrypt