yubikey-full-disk-encryption: Invalid numeric value

I am trying to format LUKS partition by ykfde-format but getting an “Invalid numeric value” error from cryptsetup. I have enabled debug mode and can see the message:

Passing ‘8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c922d1c210a170356c9bab9ab18ecf0e2ae98e48316’ to ‘cryptsetup’

(don`t worry about the key, this is a dummy run)

I replaced the line: printf ‘%s\n’ “$YKFDE_PASSPHRASE” | cryptsetup luksFormat “$@”

To: printf ‘%s\n’ “$YKFDE_PASSPHRASE” | printf ‘%s\n’ “$@”

The line above does not pass the key to cryptsetup, but only parameters come from ykfde-format:

root@archiso / # ykfde-format --cipher aes-xts-plain64 --key-size 512 --hash sha256 --iter-time 5000 --type luks2 /dev/nvme0n1p4

YubiKey slot status ‘ykinfo -q -2’: 1 WARNING: This script will run ‘cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --hash sha256 --iter-time 5000 --type luks2 /dev/nvme0n1p4’. If this is not what you intended, please abort. Please provide the challenge. Enter challenge: 123456

Please repeat the challenge. Enter challenge: 123456 Running: ‘ykchalresp -2 8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92’… Remember to touch the device if necessary. Received response: ‘2d1c210a170356c9bab9ab18ecf0e2ae98e48316’ Passing ‘8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c922d1c210a170356c9bab9ab18ecf0e2ae98e48316’ to ‘cryptsetup’ –cipher aes-xts-plain64 –key-size 512 –hash sha256 –iter-time 5000 –type luks2 /dev/nvme0n1p4 New LUKS device successfully formatted

Please advise (:

About this issue

  • Original URL
  • State: closed
  • Created a year ago
  • Comments: 21 (4 by maintainers)

Most upvoted comments

I think both approaches should be equivalent yet since the current approach is bit simpler and was proven to work for years then I’m in favor of keeping it. There is always risk of regression when something changes.