Does anyone have a solution for using the Yubikey Security Key as a second factor for file-based crypto containers like VeraCrypt or something else? I know the Security Key doesn't allow PGP, but now I don't have another key.
1 Answer
I'll assume you're on Linux.
Short answer, off the top of my head: should be no problem.
LUKS can be used to create encrypted files, then you can put a file system in there, and mount the result. Something like the following (untested!):
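```bash
CONTAINER=yans-encrypted-image-file
DEVICENAME=yans-volume

# Allocate a 10 GiB file to hold the encrypted volume
fallocate -l 10G "$CONTAINER"
# Write a LUKS header into the file (asks for a passphrase)
cryptsetup luksFormat "$CONTAINER"
# Map the decrypted view to /dev/mapper/$DEVICENAME
sudo cryptsetup luksOpen "$CONTAINER" "$DEVICENAME"
# Create a file system inside the encrypted volume
sudo mkfs.xfs "/dev/mapper/$DEVICENAME"

# Now ready to mount, e.g. via
udisksctl mount -b "/dev/mapper/$DEVICENAME"

# To close:
udisksctl unmount -b "/dev/mapper/$DEVICENAME"
sudo cryptsetup close "$DEVICENAME"
```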
There are plenty of guides out there on how to enroll your Yubikey as a LUKS secret provider. How packaging for such things works sadly kind of depends on your Linux distro, so I'll have to let you research that on your own.
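An added example, not part of the answer above and not cryptsetup's or systemd's own code: once a key is enrolled, this checks the LUKS2 header metadata to see whether the key really acts as a second factor. It assumes enrollment was done with `systemd-cryptenroll`, which records a `systemd-fido2` token in the header; the sample JSON is constructed, and `audit` is a hypothetical helper name.

```python
import json

# Constructed sample: trimmed output of
#   cryptsetup luksDump --dump-json-metadata yans-encrypted-image-file
# after enrolling a FIDO2 key with systemd-cryptenroll (assumed tool).
SAMPLE = """
{
  "keyslots": {
    "0": {"type": "luks2", "key_size": 64},
    "1": {"type": "luks2", "key_size": 64}
  },
  "tokens": {
    "0": {
      "type": "systemd-fido2",
      "keyslots": ["1"],
      "fido2-rp": "io.systemd.cryptsetup",
      "fido2-clientPin-required": false,
      "fido2-up-required": true,
      "fido2-uv-required": false
    }
  }
}
"""

def audit(metadata_json):
    """Return findings about how the FIDO2 key is bound to the volume."""
    meta = json.loads(metadata_json)
    slots = set(meta.get("keyslots", {}))
    fido_slots = set()
    findings = []
    for tid, tok in sorted(meta.get("tokens", {}).items()):
        if tok.get("type") != "systemd-fido2":
            continue
        fido_slots.update(tok.get("keyslots", []))
        # Without a PIN or user verification, the token is a single factor.
        if not (tok.get("fido2-clientPin-required") or tok.get("fido2-uv-required")):
            findings.append(f"token {tid}: no PIN or user verification, possession of the key alone unlocks")
    if not fido_slots:
        findings.append("no systemd-fido2 token enrolled")
    # Any keyslot the token does not reference opens with some other secret.
    for slot in sorted(slots - fido_slots):
        findings.append(f"keyslot {slot}: not bound to the FIDO2 token, unlocks without the key")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

A passphrase keyslot left in place after enrollment means the key is an alternative to the passphrase rather than an addition to it.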