replace shell script with C code, and many more

* place bin/ykfde with C source code bin/ykfde.c
* challenge/response can be updated in place
  WARNING: This required config file syntax change!
* updates and simplification to udev/ykfde
* a lot more...

Signed-off-by: Christian Hesse <mail@eworm.de>

1 files changed, 16 insertions, 4 deletions

diff --git a/conf/ykfde.conf b/conf/ykfde.conf
index af25ad7..0525053 100644
--- a/conf/ykfde.conf
+++ b/conf/ykfde.conf
@@ -1,8 +1,20 @@
 [general]
-# Specify what Yubikey slot to use for full disk encryption
+# Specify what Yubikey slot to use for full disk encryption.
+# This is just the system default, you can configure one or more
+# Yubikeys below.
 # The specified slot has to be configured for HMAC-SHA1.
-slot = 2
+yk slot = 2
 
-# you can specify slot for one or more specific Yubikeys as well
+# This is the LUKS device. Make sure you use the name, not
+# block device, e.g. it has to match first column of
+# /etc/crypttab.initramfs.
+device name = crypt
+
+# For every Yubikey in use add a section here.
+# * 'yk slot' is optional and only required for keys differing
+#   from system default.
+# * 'luks slot' is required to make sure one Yukikey is associated
+#   with exactly one LUKS slot!
 #[1234567]
-#slot = 1
+#yk slot = 1
+#luks slot = 1