forked from cornelinux/yubikey-luks
-
Notifications
You must be signed in to change notification settings - Fork 2
/
fido2-luks-open.1
55 lines (52 loc) · 1.47 KB
/
fido2-luks-open.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
.\" Hey, EMACS: -*- nroff -*-
.\" (C) Copyright 2023 Nyancient <[email protected]>
.TH FIDO2-LUKS-OPEN 1 "2023-04-10"
.\" Please adjust this date whenever revising the manpage.
.\"
.\" Some roff macros, for reference:
.\" .nh disable hyphenation
.\" .hy enable hyphenation
.\" .ad l left justify
.\" .ad b justify to both left and right margins
.\" .nf disable filling
.\" .fi enable filling
.\" .br insert line break
.\" .sp <n> insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
fido2-luks-open - open a LUKS container using a FIDO2 token
.SH SYNOPSIS
.B fido2-luks-open
.RI "[ \-n NAME ] [ \-d DEVICE ] [ \-c ]"
.SH DESCRIPTION
This program will unlock a device encrypted which has previously had a FIDO2 token
enrolled using
.B fido2-luks-enroll.
In addition to the encrypted device itself, you need three things to unlock the device:
.IP \[bu]
An enrolled FIDO2 token.
.IP \[bu]
That token's PIN.
.IP \[bu]
The
.B /etc/fido2-luks.cfg
file used to enroll the token - or at least the
.B FIDO2_CREDENTIAL_ID
and
.B FIDO2_CREDENTIAL_PUBKEY
settings from that file.
.SH OPTIONS
The following options change the behavior of the tool.
.TP
.B \-h
Show summary of options.
.TP
.B \-n
Name for the opened container (default: fido2-luks).
.TP
.B \-d
The disk device to work with (default: /dev/nvme0n1p3).
.SH SEE ALSO
.BR cryptsetup (1),
.BR fido2-luks-enroll (1),
.BR systemd-cryptsetup (1).