summaryrefslogtreecommitdiffstats
path: root/debian/scripts/decrypt_opensc
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 08:06:26 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 08:06:26 +0000
commitfd888e850cf413955483bfb993aeeea5ea611289 (patch)
tree6148fed3d1f30272c48403f4cdefa59c2b7e1513 /debian/scripts/decrypt_opensc
parentAdding upstream version 2:2.6.1. (diff)
downloadcryptsetup-debian.tar.xz
cryptsetup-debian.zip
Adding debian version 2:2.6.1-4~deb12u2.debian/2%2.6.1-4_deb12u2debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/scripts/decrypt_opensc')
-rw-r--r--debian/scripts/decrypt_opensc46
1 files changed, 46 insertions, 0 deletions
diff --git a/debian/scripts/decrypt_opensc b/debian/scripts/decrypt_opensc
new file mode 100644
index 0000000..b06fc98
--- /dev/null
+++ b/debian/scripts/decrypt_opensc
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# Why not use "openct-tool rwait" instead of polling opensc-tool exit status?
+# Well openct daemon has to be running which interferes with pcscd since both
+# implement reader drivers, my particular CCID reader (SCM SCR331-LC1) doesn't
+# work with the CCID driver in openct, however it does work with pcscd.
+
+# Why not use "opensc-tool --wait" instead of polling opensc-tool exit status?
+# Although opensc-tool --help reports that there is a --wait option, it doesn't
+# seem to be implemented.
+
+check_card() {
+ cardfound=0
+
+ if /usr/bin/opensc-tool -n >/dev/null 2>&1; then
+ cardfound=1
+ fi
+}
+
+wait_card() {
+ check_card
+ if [ $cardfound = 0 ] ; then
+ echo "Waiting for Smart Card..." >&2
+ tries=0
+ while [ $cardfound = 0 ] && [ $tries -lt 60 ] ; do
+ sleep 1
+ check_card
+ tries=$(($tries + 1))
+ done
+ if [ $cardfound = 0 ] ; then
+ echo 'Failed to find Smart Card card!' >&2
+ exit 1
+ fi
+ fi
+}
+
+wait_card
+if [ -x /bin/plymouth ] && plymouth --ping; then
+ # Get pin number from plymouth
+ /usr/bin/pkcs15-crypt --decipher --input "$1" --pkcs1 --raw \
+ --pin "$(plymouth ask-for-password --prompt "Enter pin for $CRYPTTAB_NAME: ")"
+else
+ # Get pin number from console
+ /usr/bin/pkcs15-crypt --decipher --input "$1" --pkcs1 --raw </dev/console 2>/dev/console
+fi
+exit $?