From a87c27c80800fdd1d5313eb37b4c304615144cfb Mon Sep 17 00:00:00 2001 From: Timothy Pearson Date: Fri, 3 Jul 2015 01:08:21 -0500 Subject: Add option to clear LUKS key from card --- usr/bin/setupcard.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'usr') diff --git a/usr/bin/setupcard.sh b/usr/bin/setupcard.sh index dc052a0..34e9c4b 100755 --- a/usr/bin/setupcard.sh +++ b/usr/bin/setupcard.sh @@ -675,6 +675,16 @@ function loadlukskey { fi } +function clearlukskey { + echo "Clearing LUKS key..." + authenticatecard "AUT1" + if [[ $authenticated = "1" ]]; then + dd if=/dev/zero of=$SECURE_DIRECTORY/smart.key.blank bs=255 count=1 + update_file "10 01" "$SECURE_DIRECTORY/smart.key.blank" + rm -f $SECURE_DIRECTORY/smart.key.blank + fi +} + function loadusername { echo "Loading username..." authenticatecard "AUT1" @@ -744,6 +754,7 @@ while [[ 1 -eq 1 ]]; do FALSE "Import LUKS encryption key from file to system" \ FALSE "Get LUKS encryption key from Smart Card [File 1001]" \ FALSE "Load LUKS encryption key into Smart Card [File 1001]" \ + FALSE "Clear LUKS encryption key from Smart Card [File 1001]" \ FALSE "Load username into Smart Card [File 1002]" \ FALSE "Load password into Smart Card [File 1003]" \ FALSE "Update Smart Card Transport Keys [AUT1-AUT3]" \ @@ -759,6 +770,7 @@ while [[ 1 -eq 1 ]]; do FALSE "Import LUKS encryption key from file to system" \ FALSE "Get LUKS encryption key from Smart Card [File 1001]" \ FALSE "Load LUKS encryption key into Smart Card [File 1001]" \ + FALSE "Clear LUKS encryption key from Smart Card [File 1001]" \ FALSE "Load username into Smart Card [File 1002]" \ FALSE "Load password into Smart Card [File 1003]" \ FALSE "Update Smart Card Transport Keys [AUT1-AUT3]" \ @@ -822,6 +834,10 @@ while [[ 1 -eq 1 ]]; do loadlukskey fi + if [[ $selection = "Clear LUKS encryption key from Smart Card [File 1001]" ]]; then + clearlukskey + fi + if [[ $selection = "Load username into Smart Card [File 1002]" ]]; then loadusername fi -- cgit v1.2.1