diff --git a/src/cli.rs b/src/cli.rs index 645beb1..c7dc56b 100644 --- a/src/cli.rs +++ b/src/cli.rs @@ -9,7 +9,7 @@ use ctap::extensions::hmac::{FidoHmacCredential, HmacExtension}; use ctap::FidoDevice; use std::fs::File; -use std::io::{self, Read, Seek, Write}; +use std::io::Write; use std::path::Path; pub fn setup() -> Fido2LuksResult<()> { diff --git a/src/device.rs b/src/device.rs new file mode 100644 index 0000000..938daea --- /dev/null +++ b/src/device.rs @@ -0,0 +1,25 @@ +use crate::error::*; + +use ctap; +use ctap::extensions::hmac::{FidoHmacCredential, HmacExtension}; +use ctap::FidoDevice; + +pub fn perform_challenge(credential_id: &str, salt: &[u8; 32]) -> Fido2LuksResult<[u8; 32]> { + let cred = FidoHmacCredential { + id: hex::decode(credential_id).unwrap(), + rp_id: "hmac".to_string(), + }; + let mut errs = Vec::new(); + for di in ctap::get_devices()? { + let mut dev = FidoDevice::new(&di)?; + match dev.hmac_challange(&cred, &salt[..]) { + Ok(secret) => { + return Ok(secret); + } + Err(e) => { + errs.push(e); + } + } + } + Err(errs.pop().ok_or(Fido2LuksError::NoAuthenticatorError)?)? +} diff --git a/src/main.rs b/src/main.rs index 7aefaa0..204784d 100644 --- a/src/main.rs +++ b/src/main.rs @@ -4,6 +4,7 @@ extern crate failure; extern crate serde_derive; use crate::cli::*; use crate::config::*; +use crate::device::*; use crate::error::*; use crypto::digest::Digest; use crypto::sha2::Sha256; @@ -11,18 +12,18 @@ use cryptsetup_rs as luks; use cryptsetup_rs::Luks1CryptDevice; use ctap; -use ctap::extensions::hmac::{FidoHmacCredential, HmacExtension}; -use ctap::FidoDevice; + use luks::device::Error::CryptsetupError; use std::collections::HashMap; use std::env; -use std::io::{self, Read, Seek, Write}; +use std::io::{self, Write}; use std::path::PathBuf; mod cli; mod config; +mod device; mod error; mod keystore; 
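Review bot: In `perform_challenge` in the new src/device.rs, `hex::decode(credential_id).unwrap()` panics on a credential id that is not valid hex, so a malformed configured value aborts the process instead of coming back through `Fido2LuksResult`. Propagate it instead, e.g. `id: hex::decode(credential_id)?,`, assuming `crate::error` has or gains a conversion from the hex decoding error (that module is not visible here). In the same loop, `FidoDevice::new(&di)?` returns on the first device that cannot be opened, so a later authenticator that could answer the challenge is never tried; pushing that error into `errs` and continuing would match how `hmac_challange` failures are handled, if the two error types are compatible. The function is moved unchanged from src/main.rs, so both points predate this commit.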
@@ -32,26 +33,6 @@ fn open_container(device: &PathBuf, name: &str, secret: &[u8; 32]) -> Fido2LuksR
 Ok(())
 }
-fn perform_challenge(credential_id: &str, salt: &[u8; 32]) -> Fido2LuksResult<[u8; 32]> {
- let cred = FidoHmacCredential {
- id: hex::decode(credential_id).unwrap(),
- rp_id: "hmac".to_string(),
- };
- let mut errs = Vec::new();
- for di in ctap::get_devices()? {
- let mut dev = FidoDevice::new(&di)?;
- match dev.hmac_challange(&cred, &salt[..]) {
- Ok(secret) => {
- return Ok(secret);
- }
- Err(e) => {
- errs.push(e);
- }
- }
- }
- Err(errs.pop().ok_or(Fido2LuksError::NoAuthenticatorError)?)?
-}
-
 fn assemble_secret(hmac_result: &[u8], salt: &[u8]) -> [u8; 32] {
 let mut digest = Sha256::new();
 digest.input(salt);