diff options
| author | Lennart Poettering <lennart@poettering.net> | 2019-12-17 18:39:12 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2019-12-17 18:53:45 +0100 |
| commit | 2ccf0ff6e8cdeca63ae25e6714bc14defc4df5a2 (patch) | |
| tree | ea9495ee98e489d732792bc5804dcf6aac184e38 /man/crypttab.xml | |
| parent | 3d864658ea0115820e2610c2618f6fee7b964ec1 (diff) | |
| download | systemd-2ccf0ff6e8cdeca63ae25e6714bc14defc4df5a2.tar.gz | |
man: tweaks to the crypttab(5) man page
Diffstat (limited to 'man/crypttab.xml')
| -rw-r--r-- | man/crypttab.xml | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/man/crypttab.xml b/man/crypttab.xml index d84a914a5e..9b6fffd154 100644 --- a/man/crypttab.xml +++ b/man/crypttab.xml @@ -425,10 +425,10 @@ line. This is useful for unlocking encrypted volumes through security tokens or smartcards. See below for an example how to set up this mechanism for unlocking a LUKS volume with a YubiKey security token. The specified URI can refer directly to a private RSA key stored on a token or alternatively - just to a slot or token in which case a suitable private RSA key object is automatically searched on - it. In this case if multiple suitable objects are found the token is refused. The key configured in - the third column is passed as is to RSA decryption. The resulting decrypted key is then base64 - encoded before it is used to unlock the LUKS volume.</para></listitem> + just to a slot or token, in which case a search for a suitable private RSA key will be performed. In + this case if multiple suitable objects are found the token is refused. The key configured in the + third column is passed as is to RSA decryption. The resulting decrypted key is then base64 encoded + before it is used to unlock the LUKS volume.</para></listitem> </varlistentry> <varlistentry> @@ -489,7 +489,8 @@ external /dev/sda3 keyfile:LABEL=keydev keyfile-timeout=10s</programlist <title>Yubikey-based Volume Unlocking Example</title> <para>The PKCS#11 logic allows hooking up any compatible security token that is capable of storing RSA - decryption keys. Here's an example how to set up a Yubikey security token for this purpose:</para> + decryption keys. Here's an example how to set up a Yubikey security token for this purpose, using + <command>ykman</command> from the yubikey-manager project:</para> <programlisting><xi:include href="yubikey-crypttab.sh" parse="text" /></programlisting> |