Provided by: yubikey-luks_0.5.1+29.g5df2b95-6.2_all bug

NAME
       yubikey-luks-enroll - enroll your yubikey for usage with LUKS


SYNOPSIS
       yubikey-luks-enroll [ -s 3 ] [ -d /dev/sda6 ] [ -c ]


DESCRIPTION
       With  this  tool  you  can  take  a  YubiKey  with  challenge-response  enabled on slot 2 to add a LUKS /
       cryptsetup key slot.

       Your chosen PIN or password, plus your YubiKey can generate a response that is added  as  a  key  to  the
       cryptsetup disk.

       On  the  next  boot you can insert your YubiKey into a USB slot, enter your password, to unlock the disk.
       Alternatively you can enter any other passphrase that is valid for that disk.


OPTIONS
       The following options change the behavior of the tool.

       -h     Show summary of options.

       -s     The LUKS slot to save the passphrase to. (default: 7)

       -c     Clear the chosen LUKS slot at first.

       -d     The disk device to work with (default: /dev/sda3)


PREREQUISITES
       Before adding the Yubikey to the LUKS slot, you need to initialize your Yubikey. You can do so using  the
       privacyIDEA  management  system  or simply by using the command line. The following command will create a
       key for challenges response in Yubikey slot 2:

           ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible

       After this, you can use yubikey-luks-enroll to assign this Yubikey to an LUKS slot.


SEE ALSO
       cryptsetup(1), ykpersonalize(1), ykchalresp(1).

                                                   2015-12-01                             YUBIKEY-LUKS-ENROLL(1)