yubikey-luks-enroll

YubiKey two factor authentication for LUKS disks

Install

All systems
curl cmd.cat/yubikey-luks-enroll.sh
Debian Debian
apt-get install yubikey-luks
Ubuntu
apt-get install yubikey-luks
Windows (WSL2)
sudo apt-get update sudo apt-get install yubikey-luks
Raspbian
apt-get install yubikey-luks

yubikey-luks

YubiKey two factor authentication for LUKS disks

With this extension to the initramfs-tools, you can unlock a LUKS encrypted disk using your YubiKey as a second factor. The challenge-response mechanism of the YubiKey is used to generate a response based on a PIN/password you have to enter. Only the combination of the correct password and the matching YubiKey will generate a response, that is a valid key of the LUKS disk. Alternatively you can use any other LUKS passphrase when the YubiKey is not present.