I have a LUKS encrypted drive on Kdeo Neon 5.27. The LUKS password is long and tedious to type in. Given how much KDE reboots, I'm tired of typing in my password so I bought a Yubikey to speed up the process. Then I followed the instructions on https://github.com/cornelinux/yubikey-luks or more specifically I did:
sudo apt update && sudo apt install yubikey-personalization-gui yubikey-luks -y
- Insert Yubikey
ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible
yubikey-luks-enroll
- Set the Yubikey passphrase to something easier.
lsblk
- Discover that I have two encrypted partitions, /root and swap.
- Edit
/etc/crypttab
adding,keyscript=/usr/share/yubikey-luks/ykluks-keyscript
to the end of the line for each of the encrypted partitions. - Ran
update-initramfs -u
- Rebooted
Unfortunately, when my system booted up again, I still had to enter my full LUKS password. After which I was prompted to use my Yubikey with it's passphrase twice to complete the login. The end result is that login now requires an additional step on top of typing in the long and tedious password from before.