setup

2020-09-24 23:00:18 +02:00
19 changed files with 322 additions and 871 deletions
--- a/.gitignore
+++ b/.gitignore
@ -5,6 +5,4 @@
 fido2luks.bash
 fido2luks.elv
 fido2luks.fish
-fido2luks.zsh
+fido2luks.zsh
 result
 result-*
--- a/Cargo.lock
+++ b/Cargo.lock
@ -2,33 +2,33 @@
 # It is not intended for manual editing.
 [[package]]
 name = "addr2line"
-version = "0.17.0"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b9ecd88a8c8378ca913a680cd98f0f13ac67383d35993f86c90a70e3f137816b"
+checksum = "1b6a2d3371669ab3ca9797670853d61402b03d0b4b9ebf33d677dfa720203072"
 dependencies = [
 "gimli",
 ]
 [[package]]
 name = "adler"
-version = "1.0.2"
+version = "0.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
+checksum = "ee2a4ec343196209d6594e19543ae87a39f96d5534d7174822a3ad825dd6ed7e"
 [[package]]
 name = "aho-corasick"
-version = "0.7.18"
+version = "0.7.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f"
+checksum = "043164d8ba5c4c3035fec9bbee8647c0261d788f3474306f93bb65901cae0e86"
 dependencies = [
 "memchr",
 ]
 [[package]]
 name = "ansi_term"
-version = "0.12.1"
+version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2"
+checksum = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b"
 dependencies = [
 "winapi",
 ]
@ -58,13 +58,12 @@ checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
 [[package]]
 name = "backtrace"
-version = "0.3.63"
+version = "0.3.50"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "321629d8ba6513061f26707241fa9bc89524ff1cd7a915a97ef0c62c666ce1b6"
+checksum = "46254cf2fdcdf1badb5934448c1bcbe046a56537b3987d96c51a7afc5d03f293"
 dependencies = [
 "addr2line",
- "cc",
+ "cfg-if",
 "cfg-if 1.0.0",
 "libc",
 "miniz_oxide",
 "object",
@ -73,12 +72,13 @@ dependencies = [
 [[package]]
 name = "bindgen"
-version = "0.59.2"
+version = "0.54.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2bd2a9a458e8f4304c52c43ebb0cfbd520289f8379a52e329a38afda99bf8eb8"
+checksum = "66c0bb6167449588ff70803f4127f0684f9063097eca5016f37eb52b92c2cf36"
 dependencies = [
 "bitflags",
 "cexpr",
 "cfg-if",
 "clang-sys",
 "clap",
 "env_logger",
@ -86,8 +86,8 @@ dependencies = [
 "lazycell",
 "log",
 "peeking_take_while",
- "proc-macro2 1.0.36",
+ "proc-macro2 1.0.21",
- "quote 1.0.14",
+ "quote 1.0.7",
 "regex",
 "rustc-hash",
 "shlex",
@ -96,15 +96,15 @@ dependencies = [
 [[package]]
 name = "bitflags"
-version = "1.3.2"
+version = "1.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
+checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
 [[package]]
 name = "bstr"
-version = "0.2.17"
+version = "0.2.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ba3569f383e8f1598449f1a423e72e99569137b47740b1da11ef19af3d5c3223"
+checksum = "31accafdb70df7871592c058eca3985b71104e15ac32f64706022c58867da931"
 dependencies = [
 "lazy_static",
 "memchr",
@ -114,9 +114,9 @@ dependencies = [
 [[package]]
 name = "byteorder"
-version = "1.4.3"
+version = "1.3.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
+checksum = "08c48aae112d48ed9f069b33538ea9e3e90aa263cfa3d1c24309612b1f7472de"
 [[package]]
 name = "cbor-codec"
@ -130,15 +130,15 @@ dependencies = [
 [[package]]
 name = "cc"
-version = "1.0.72"
+version = "1.0.60"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22a9137b95ea06864e018375b72adfb7db6e6f68cfc8df5a04d00288050485ee"
+checksum = "ef611cc68ff783f18535d77ddd080185275713d852c4f5cbb6122c462a7a825c"
 [[package]]
 name = "cexpr"
-version = "0.6.0"
+version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
+checksum = "f4aedb84272dbe89af497cf81375129abda4fc0a9e7c5d317498c15cc30c0d27"
 dependencies = [
 "nom",
 ]
@ -149,17 +149,11 @@ version = "0.1.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"
 [[package]]
 name = "cfg-if"
 version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 [[package]]
 name = "clang-sys"
-version = "1.3.0"
+version = "0.29.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fa66045b9cb23c2e9c1520732030608b02ee07e5cfaa5a521ec15ded7fa24c90"
+checksum = "fe6837df1d5cba2397b835c8530f51723267e16abbf83892e9e5af4f0e5dd10a"
 dependencies = [
 "glob",
 "libc",
@ -168,9 +162,9 @@ dependencies = [
 [[package]]
 name = "clap"
-version = "2.34.0"
+version = "2.33.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c"
+checksum = "37e58ac78573c40708d45522f0d80fa2f01cc4f9b4e2bf749807255454312002"
 dependencies = [
 "ansi_term",
 "atty",
@ -196,7 +190,7 @@ version = "0.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "69323bff1fb41c635347b8ead484a5ca6c3f11914d784170b158d8449ab07f8e"
 dependencies = [
- "cfg-if 0.1.10",
+ "cfg-if",
 "crossbeam-channel",
 "crossbeam-deque",
 "crossbeam-epoch",
@ -216,9 +210,9 @@ dependencies = [
 [[package]]
 name = "crossbeam-deque"
-version = "0.7.4"
+version = "0.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c20ff29ded3204c5106278a81a38f4b482636ed4fa1e6cfbeef193291beb29ed"
+checksum = "9f02af974daeee82218205558e51ec8768b48cf524bd01d550abe5573a608285"
 dependencies = [
 "crossbeam-epoch",
 "crossbeam-utils",
@ -232,7 +226,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "058ed274caafc1f60c4997b5fc07bf7dc7cca454af7c6e81edffe5f33f70dace"
 dependencies = [
 "autocfg 1.0.1",
- "cfg-if 0.1.10",
+ "cfg-if",
 "crossbeam-utils",
 "lazy_static",
 "maybe-uninit",
@ -246,7 +240,7 @@ version = "0.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "774ba60a54c213d409d5353bda12d49cd68d14e45036a285234c8d6f91f92570"
 dependencies = [
- "cfg-if 0.1.10",
+ "cfg-if",
 "crossbeam-utils",
 "maybe-uninit",
 ]
@ -258,19 +252,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c3c7c73a2d1e9fc0886a08b93e98eb643461230d5f1925e4036204d5f2e261a8"
 dependencies = [
 "autocfg 1.0.1",
- "cfg-if 0.1.10",
+ "cfg-if",
 "lazy_static",
 ]
 [[package]]
 name = "csv"
-version = "1.1.6"
+version = "1.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22813a6dc45b335f9bade10bf7271dc477e81113e89eb251a0bc2a8a81c536e1"
+checksum = "00affe7f6ab566df61b4be3ce8cf16bc2576bca0963ceb0955e45d514bf9a279"
 dependencies = [
 "bstr",
 "csv-core",
- "itoa 0.4.8",
+ "itoa",
 "ryu",
 "serde",
 ]
@ -286,9 +280,9 @@ dependencies = [
 [[package]]
 name = "ctap_hmac"
-version = "0.4.5"
+version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e9c22d4c95aeeb4e2d41e823912d5460cfa1ebf672363eb97b32fa7c91cab89a"
+checksum = "33ccc28f298181e943187fa63805e652bc4806ad43708beebd22c230fbe0baa3"
 dependencies = [
 "byteorder",
 "cbor-codec",
@ -325,10 +319,10 @@ checksum = "f0c960ae2da4de88a91b2d920c2a7233b400bc33cb28453a2987822d8392519b"
 dependencies = [
 "fnv",
 "ident_case",
- "proc-macro2 1.0.36",
+ "proc-macro2 1.0.21",
- "quote 1.0.14",
+ "quote 1.0.7",
 "strsim 0.9.3",
- "syn 1.0.84",
+ "syn 1.0.41",
 ]
 [[package]]
@ -338,8 +332,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d9b5a2f4ac4969822c62224815d069952656cadc7084fdca9751e6d959189b72"
 dependencies = [
 "darling_core",
- "quote 1.0.14",
+ "quote 1.0.7",
- "syn 1.0.84",
+ "syn 1.0.41",
 ]
 [[package]]
@ -350,9 +344,9 @@ checksum = "a2658621297f2cf68762a6f7dc0bb7e1ff2cfd6583daef8ee0fed6f7ec468ec0"
 dependencies = [
 "darling",
 "derive_builder_core",
- "proc-macro2 1.0.36",
+ "proc-macro2 1.0.21",
- "quote 1.0.14",
+ "quote 1.0.7",
- "syn 1.0.84",
+ "syn 1.0.41",
 ]
 [[package]]
@ -362,9 +356,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2791ea3e372c8495c0bc2033991d76b512cd799d07491fbd6890124db9458bef"
 dependencies = [
 "darling",
- "proc-macro2 1.0.36",
+ "proc-macro2 1.0.21",
- "quote 1.0.14",
+ "quote 1.0.7",
- "syn 1.0.84",
+ "syn 1.0.41",
 ]
 [[package]]
@ -375,9 +369,9 @@ checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457"
 [[package]]
 name = "env_logger"
-version = "0.9.0"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b2cf0344971ee6c64c31be0d530793fba457d322dfec2810c453d0ef228f9c3"
+checksum = "44533bbbb3bb3c1fa17d9f2e4e38bbbaf8396ba82193c4cb1b6445d711445d36"
 dependencies = [
 "atty",
 "humantime",
@ -402,15 +396,15 @@ version = "0.1.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "aa4da3c766cd7a0db8242e326e9e4e081edd567072893ed320008189715366a4"
 dependencies = [
- "proc-macro2 1.0.36",
+ "proc-macro2 1.0.21",
- "quote 1.0.14",
+ "quote 1.0.7",
- "syn 1.0.84",
+ "syn 1.0.41",
 "synstructure",
 ]
 [[package]]
 name = "fido2luks"
-version = "0.2.20"
+version = "0.2.14"
 dependencies = [
 "ctap_hmac",
 "failure",
@ -442,22 +436,11 @@ version = "0.3.55"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8f5f3913fa0bfe7ee1fd8248b6b9f42a5af4b9d65ec2dd2c3c26132b950ecfc2"
 [[package]]
 name = "getrandom"
 version = "0.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753"
 dependencies = [
 "cfg-if 1.0.0",
 "libc",
 "wasi",
 ]
 [[package]]
 name = "gimli"
-version = "0.26.1"
+version = "0.22.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "78cc372d058dcf6d5ecd98510e7fbc9e5aec4d21de70f65fea8fecebcd881bd4"
+checksum = "aaf91faf136cb47367fa430cd46e37a788775e7fa104f8b4bcb3861dc389b724"
 [[package]]
 name = "glob"
@ -467,18 +450,18 @@ checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574"
 [[package]]
 name = "heck"
-version = "0.3.3"
+version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6d621efb26863f0e9924c6ac577e8275e5e6b77455db64ffa6c65c904e9e132c"
+checksum = "20564e78d53d2bb135c343b3f47714a56af2061f1c928fdb541dc7b9fdd94205"
 dependencies = [
 "unicode-segmentation",
 ]
 [[package]]
 name = "hermit-abi"
-version = "0.1.19"
+version = "0.1.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33"
+checksum = "4c30f6d0bc6b00693347368a67d41b58f2fb851215ff1da49e90fe2c5c667151"
 dependencies = [
 "libc",
 ]
@ -491,9 +474,12 @@ checksum = "805026a5d0141ffc30abb3be3173848ad46a1b1664fe632428479619a3644d77"
 [[package]]
 name = "humantime"
-version = "2.1.0"
+version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"
+checksum = "df004cfca50ef23c36850aaaa59ad52cc70d0e90243c3c7737a4dd32dc7a3c4f"
 dependencies = [
 "quick-error",
 ]
 [[package]]
 name = "ident_case"
@ -503,15 +489,9 @@ checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39"
 [[package]]
 name = "itoa"
-version = "0.4.8"
+version = "0.4.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4"
+checksum = "dc6f3ad7b9d11a0c00842ff8de1b60ee58661048eb8049ed33c73594f359d7e6"
 [[package]]
 name = "itoa"
 version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1aab8fc367588b89dcee83ab0fd66b72b50b72fa1904d7095045ace2b0c81c35"
 [[package]]
 name = "lazy_static"
@ -527,54 +507,54 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
 [[package]]
 name = "libc"
-version = "0.2.112"
+version = "0.2.77"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1b03d17f364a3a042d5e5d46b053bbbf82c92c9430c592dd4c064dc6ee997125"
+checksum = "f2f96b10ec2560088a8e76961b00d47107b3a625fecb76dedb29ee7ccbf98235"
 [[package]]
 name = "libcryptsetup-rs"
-version = "0.4.4"
+version = "0.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dccc914e228f8b36aae1173b8dba2abf62eed833e9f816ec27b0917b26655d09"
+checksum = "b9042dbf4b7e4309494949696496e230c9052af64559d3441627d639898c172c"
 dependencies = [
 "either",
 "libc",
 "libcryptsetup-rs-sys",
 "pkg-config",
- "semver 0.11.0",
+ "semver",
 "serde_json",
 "uuid",
 ]
 [[package]]
 name = "libcryptsetup-rs-sys"
-version = "0.1.6"
+version = "0.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "41ef25e923679fe233e3c109702829717404d1266c80d6f30236e82e7b2798dc"
+checksum = "4b75a2b946509fb39fdb4b232c973166da14be373d09a43eb36b82f775d8244e"
 dependencies = [
 "bindgen",
 "cc",
 "pkg-config",
- "semver 1.0.4",
+ "semver",
 ]
 [[package]]
 name = "libloading"
-version = "0.7.2"
+version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "afe203d669ec979b7128619bae5a63b7b42e9203c1b29146079ee05e2f604b52"
+checksum = "f2b111a074963af1d37a139918ac6d49ad1d0d5e47f72fd55388619691a7d753"
 dependencies = [
- "cfg-if 1.0.0",
+ "cc",
 "winapi",
 ]
 [[package]]
 name = "log"
-version = "0.4.14"
+version = "0.4.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "51b9bbe6c47d51fc3e1a9b945965946b4c44142ab8792c50835a980d362c2710"
+checksum = "4fabed175da42fed1fa0746b0ea71f412aa9d35e76e95e59b192c64b9dc2bf8b"
 dependencies = [
- "cfg-if 1.0.0",
+ "cfg-if",
 ]
 [[package]]
@ -585,9 +565,9 @@ checksum = "60302e4db3a61da70c0cb7991976248362f30319e88850c487b9b95bbf059e00"
 [[package]]
 name = "memchr"
-version = "2.4.1"
+version = "2.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a"
+checksum = "3728d817d99e5ac407411fa471ff9800a778d88a24685968b36824eaf4bee400"
 [[package]]
 name = "memoffset"
@ -598,17 +578,11 @@ dependencies = [
 "autocfg 1.0.1",
 ]
 [[package]]
 name = "minimal-lexical"
 version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
 [[package]]
 name = "miniz_oxide"
-version = "0.4.4"
+version = "0.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a92518e98c078586bc6c934028adcca4c92a53d6a958196de835170a01d84e4b"
+checksum = "c60c0dfe32c10b43a144bad8fc83538c52f58302c92300ea7ec7bf7b38d5a7b9"
 dependencies = [
 "adler",
 "autocfg 1.0.1",
@ -616,12 +590,11 @@ dependencies = [
 [[package]]
 name = "nom"
-version = "7.1.0"
+version = "5.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1b1d11e1ef389c76fe5b81bcaf2ea32cf88b62bc494e19f493d0b30e7a930109"
+checksum = "ffb4262d26ed83a1c0a33a38fe2bb15797329c85770da05e6b828ddb782627af"
 dependencies = [
 "memchr",
 "minimal-lexical",
 "version_check",
 ]
@ -638,21 +611,18 @@ dependencies = [
 [[package]]
 name = "num-traits"
-version = "0.2.14"
+version = "0.2.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290"
+checksum = "ac267bcc07f48ee5f8935ab0d24f316fb722d7a1292e2913f0cc196b29ffd611"
 dependencies = [
 "autocfg 1.0.1",
 ]
 [[package]]
 name = "object"
-version = "0.27.1"
+version = "0.20.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "67ac1d3f9a1d3616fd9a60c8d74296f22406a238b6a72f5cc1e6f314df4ffbf9"
+checksum = "1ab52be62400ca80aa00285d25253d7f7c437b7375c4de678f5405d3afe82ca5"
 dependencies = [
 "memchr",
 ]
 [[package]]
 name = "peeking_take_while"
@ -660,20 +630,11 @@ version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099"
 [[package]]
 name = "pest"
 version = "2.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "10f4872ae94d7b90ae48754df22fd42ad52ce740b8f370b03da4835417403e53"
 dependencies = [
 "ucd-trie",
 ]
 [[package]]
 name = "pkg-config"
-version = "0.3.24"
+version = "0.3.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "58893f751c9b0412871a09abd62ecd2a00298c6c83befa223ef98c52aef40cbe"
+checksum = "d36492546b6af1463394d46f0c834346f31548646f6ba10849802c9c9a27ac33"
 [[package]]
 name = "proc-macro-error"
@ -682,9 +643,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c"
 dependencies = [
 "proc-macro-error-attr",
- "proc-macro2 1.0.36",
+ "proc-macro2 1.0.21",
- "quote 1.0.14",
+ "quote 1.0.7",
- "syn 1.0.84",
+ "syn 1.0.41",
 "version_check",
 ]
@ -694,8 +655,8 @@ version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869"
 dependencies = [
- "proc-macro2 1.0.36",
+ "proc-macro2 1.0.21",
- "quote 1.0.14",
+ "quote 1.0.7",
 "version_check",
 ]
@ -710,13 +671,19 @@ dependencies = [
 [[package]]
 name = "proc-macro2"
-version = "1.0.36"
+version = "1.0.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c7342d5883fbccae1cc37a2353b09c87c9b0f3afd73f5fb9bba687a1f733b029"
+checksum = "36e28516df94f3dd551a587da5357459d9b36d945a7c37c3557928c1c2ff2a2c"
 dependencies = [
- "unicode-xid 0.2.2",
+ "unicode-xid 0.2.1",
 ]
 [[package]]
 name = "quick-error"
 version = "1.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0"
 [[package]]
 name = "quote"
 version = "0.6.13"
@ -728,11 +695,11 @@ dependencies = [
 [[package]]
 name = "quote"
-version = "1.0.14"
+version = "1.0.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "47aa80447ce4daf1717500037052af176af5d38cc3e571d9ec1c7353fc10c87d"
+checksum = "aa563d17ecb180e500da1cfd2b028310ac758de548efdd203e18f283af693f37"
 dependencies = [
- "proc-macro2 1.0.36",
+ "proc-macro2 1.0.21",
 ]
 [[package]]
@ -875,26 +842,30 @@ dependencies = [
 [[package]]
 name = "regex"
-version = "1.5.4"
+version = "1.3.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461"
+checksum = "9c3780fcf44b193bc4d09f36d2a3c87b251da4a046c87795a0d35f4f927ad8e6"
 dependencies = [
 "aho-corasick",
 "memchr",
 "regex-syntax",
 "thread_local",
 ]
 [[package]]
 name = "regex-automata"
-version = "0.1.10"
+version = "0.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132"
+checksum = "ae1ded71d66a4a97f5e961fd0cb25a5f366a42a41570d16a763a69c092c26ae4"
 dependencies = [
 "byteorder",
 ]
 [[package]]
 name = "regex-syntax"
-version = "0.6.25"
+version = "0.6.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b"
+checksum = "26412eb97c6b088a6997e05f69403a802a92d520de2f8e63c2b65f9e0f47c4e8"
 [[package]]
 name = "ring"
@ -933,9 +904,9 @@ dependencies = [
 [[package]]
 name = "rustc-demangle"
-version = "0.1.21"
+version = "0.1.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7ef03e0a2b150c7a90d01faf6254c9c48a41e95fb2a8c2ac1c6f0d2b9aefc342"
+checksum = "4c691c0e608126e00913e33f0ccf3727d5fc84573623b8d65b2df340b5201783"
 [[package]]
 name = "rustc-hash"
@ -951,9 +922,9 @@ checksum = "dcf128d1287d2ea9d80910b5f1120d0b8eede3fbf1abe91c40d39ea7d51e6fda"
 [[package]]
 name = "ryu"
-version = "1.0.9"
+version = "1.0.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "73b4b750c782965c211b42f022f59af1fbceabdd026623714f104152f1ec149f"
+checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e"
 [[package]]
 name = "scopeguard"
@ -963,61 +934,52 @@ checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"
 [[package]]
 name = "semver"
-version = "0.11.0"
+version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f301af10236f6df4160f7c3f04eec6dbc70ace82d23326abad5edee88801c6b6"
+checksum = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403"
 dependencies = [
 "semver-parser",
 ]
 [[package]]
 name = "semver"
 version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "568a8e6258aa33c13358f81fd834adb854c6f7c9468520910a9b1e8fac068012"
 [[package]]
 name = "semver-parser"
-version = "0.10.2"
+version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "00b0bef5b7f9e0df16536d3961cfb6e84331c065b4066afb39768d0e319411f7"
+checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3"
 dependencies = [
 "pest",
 ]
 [[package]]
 name = "serde"
-version = "1.0.132"
+version = "1.0.116"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b9875c23cf305cd1fd7eb77234cbb705f21ea6a72c637a5c6db5fe4b8e7f008"
+checksum = "96fe57af81d28386a513cbc6858332abc6117cfdb5999647c6444b8f43a370a5"
 [[package]]
 name = "serde_derive"
-version = "1.0.132"
+version = "1.0.116"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ecc0db5cb2556c0e558887d9bbdcf6ac4471e83ff66cf696e5419024d1606276"
+checksum = "f630a6370fd8e457873b4bd2ffdae75408bc291ba72be773772a4c2a065d9ae8"
 dependencies = [
- "proc-macro2 1.0.36",
+ "proc-macro2 1.0.21",
- "quote 1.0.14",
+ "quote 1.0.7",
- "syn 1.0.84",
+ "syn 1.0.41",
 ]
 [[package]]
 name = "serde_json"
-version = "1.0.73"
+version = "1.0.57"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bcbd0344bc6533bc7ec56df11d42fb70f1b912351c0825ccb7211b59d8af7cf5"
+checksum = "164eacbdb13512ec2745fb09d51fd5b22b0d65ed294a1dcf7285a360c80a675c"
 dependencies = [
- "itoa 1.0.1",
+ "itoa",
 "ryu",
 "serde",
 ]
 [[package]]
 name = "shlex"
-version = "1.1.0"
+version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3"
+checksum = "7fdf1b9db47230893d76faad238fd6097fd6d6a9245cd7a4d90dbd639536bbd2"
 [[package]]
 name = "strsim"
@ -1033,9 +995,9 @@ checksum = "6446ced80d6c486436db5c078dde11a9f73d42b57fb273121e160b84f63d894c"
 [[package]]
 name = "structopt"
-version = "0.3.25"
+version = "0.3.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "40b9788f4202aa75c240ecc9c15c65185e6a39ccdeb0fd5d008b98825464c87c"
+checksum = "a33f6461027d7f08a13715659b2948e1602c31a3756aeae9378bfe7518c72e82"
 dependencies = [
 "clap",
 "lazy_static",
@ -1044,15 +1006,15 @@ dependencies = [
 [[package]]
 name = "structopt-derive"
-version = "0.4.18"
+version = "0.4.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dcb5ae327f9cc13b68763b5749770cb9e048a99bd9dfdfa58d0cf05d5f64afe0"
+checksum = "c92e775028122a4b3dd55d58f14fc5120289c69bee99df1d117ae30f84b225c9"
 dependencies = [
 "heck",
 "proc-macro-error",
- "proc-macro2 1.0.36",
+ "proc-macro2 1.0.21",
- "quote 1.0.14",
+ "quote 1.0.7",
- "syn 1.0.84",
+ "syn 1.0.41",
 ]
 [[package]]
@ -1068,32 +1030,32 @@ dependencies = [
 [[package]]
 name = "syn"
-version = "1.0.84"
+version = "1.0.41"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ecb2e6da8ee5eb9a61068762a32fa9619cc591ceb055b3687f4cd4051ec2e06b"
+checksum = "6690e3e9f692504b941dc6c3b188fd28df054f7fb8469ab40680df52fdcc842b"
 dependencies = [
- "proc-macro2 1.0.36",
+ "proc-macro2 1.0.21",
- "quote 1.0.14",
+ "quote 1.0.7",
- "unicode-xid 0.2.2",
+ "unicode-xid 0.2.1",
 ]
 [[package]]
 name = "synstructure"
-version = "0.12.6"
+version = "0.12.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f"
+checksum = "b834f2d66f734cb897113e34aaff2f1ab4719ca946f9a7358dba8f8064148701"
 dependencies = [
- "proc-macro2 1.0.36",
+ "proc-macro2 1.0.21",
- "quote 1.0.14",
+ "quote 1.0.7",
- "syn 1.0.84",
+ "syn 1.0.41",
- "unicode-xid 0.2.2",
+ "unicode-xid 0.2.1",
 ]
 [[package]]
 name = "termcolor"
-version = "1.1.2"
+version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2dfed899f0eb03f32ee8c6a0aabdb8a7949659e3466561fc0adf54e26d88c5f4"
+checksum = "bb6bfa289a4d7c5766392812c0a1f4c1ba45afa1ad47803c11e1f407d846d75f"
 dependencies = [
 "winapi-util",
 ]
@ -1108,32 +1070,36 @@ dependencies = [
 ]
 [[package]]
-name = "time"
+name = "thread_local"
-version = "0.1.43"
+version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438"
+checksum = "d40c6d1b69745a6ec6fb1ca717914848da4b44ae29d9b3080cbee91d72a69b14"
 dependencies = [
 "lazy_static",
 ]
 [[package]]
 name = "time"
 version = "0.1.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6db9e6914ab8b1ae1c260a4ae7a49b6c5611b40328a735b21862567685e73255"
 dependencies = [
 "libc",
 "wasi",
 "winapi",
 ]
 [[package]]
 name = "ucd-trie"
 version = "0.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "56dee185309b50d1f11bfedef0fe6d036842e3fb77413abef29f8f8d1c5d4c1c"
 [[package]]
 name = "unicode-segmentation"
-version = "1.8.0"
+version = "1.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8895849a949e7845e06bd6dc1aa51731a103c42707010a5b591c0038fb73385b"
+checksum = "e83e153d1053cbb5a118eeff7fd5be06ed99153f00dbcd8ae310c5fb2b22edc0"
 [[package]]
 name = "unicode-width"
-version = "0.1.9"
+version = "0.1.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3ed742d4ea2bd1176e236172c8429aaf54486e7ac098db29ffe6529e0ce50973"
+checksum = "9337591893a19b88d8d87f2cec1e73fad5cdfd10e5a6f349f498ad6ea2ffb1e3"
 [[package]]
 name = "unicode-xid"
@ -1143,9 +1109,9 @@ checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc"
 [[package]]
 name = "unicode-xid"
-version = "0.2.2"
+version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3"
+checksum = "f7fe0bb3479651439c9112f72b6c505038574c9fbb575ed1bf3b797fa39dd564"
 [[package]]
 name = "untrusted"
@ -1155,11 +1121,11 @@ checksum = "55cd1f4b4e96b46aeb8d4855db4a7a9bd96eeeb5c6a1ab54593328761642ce2f"
 [[package]]
 name = "uuid"
-version = "0.8.2"
+version = "0.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7"
+checksum = "90dbc611eb48397705a6b0f6e917da23ae517e4d127123d2cf7674206627d32a"
 dependencies = [
- "getrandom",
+ "rand 0.6.5",
 ]
 [[package]]
@ -1170,24 +1136,22 @@ checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191"
 [[package]]
 name = "version_check"
-version = "0.9.3"
+version = "0.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5fecdca9a5291cc2b8dcf7dc02453fee791a280f3743cb0905f8822ae463b3fe"
+checksum = "b5a972e5669d67ba988ce3dc826706fb0a8b01471c088cb0b6110b805cc36aed"
 [[package]]
 name = "wasi"
-version = "0.10.2+wasi-snapshot-preview1"
+version = "0.10.0+wasi-snapshot-preview1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6"
+checksum = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f"
 [[package]]
 name = "which"
-version = "4.2.2"
+version = "3.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ea187a8ef279bc014ec368c27a920da2024d2a711109bfbe3440585d5cf27ad9"
+checksum = "d011071ae14a2f6671d0b74080ae0cd8ebf3a6f8c9589a2cd45f23126fe29724"
 dependencies = [
 "either",
 "lazy_static",
 "libc",
 ]
--- a/Cargo.toml
+++ b/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "fido2luks"
-version = "0.2.20"
+version = "0.2.14"
 authors = ["shimunn <shimun@shimun.net>"]
 edition = "2018"
@ -14,7 +14,7 @@ categories = ["command-line-utilities"]
 license = "MPL-2.0"
 [dependencies]
-ctap_hmac = { version="0.4.5", features = ["request_multiple"] }
+ctap_hmac = { version="0.4.2", features = ["request_multiple"] }
 hex = "0.3.2"
 ring = "0.13.5"
 failure = "0.1.5"
@ -26,7 +26,7 @@ serde_derive = "1.0.106"
 serde = "1.0.106"
 [build-dependencies]
-ctap_hmac = { version="0.4.5", features = ["request_multiple"] }
+ctap_hmac = { version="0.4.2", features = ["request_multiple"] }
 hex = "0.3.2"
 ring = "0.13.5"
 failure = "0.1.5"
@ -48,7 +48,6 @@ extended-description = "Decrypt your LUKS partition using a FIDO2 compatible aut
 assets = [
    ["target/release/fido2luks", "usr/bin/", "755"],
    ["fido2luks.bash", "usr/share/bash-completion/completions/fido2luks", "644"],
    ["pam_mount/fido2luksmounthelper.sh", "usr/bin/", "755"],
    ["initramfs-tools/keyscript.sh", "/lib/cryptsetup/scripts/fido2luks", "755" ],
    ["initramfs-tools/hook/fido2luks.sh", "etc/initramfs-tools/hooks/", "755" ],
    ["initramfs-tools/fido2luks.conf", "etc/", "644"],
--- a/28
+++ b/28
@ -1,37 +1,25 @@
 # Maintainer: shimunn <shimun@shimun.net>
-
+pkgname=fido2luks
-pkgname=fido2luks-git
+pkgver=0.2.12
 pkgver=0.2.16.7e6b33a
 pkgrel=1
-makedepends=('rust' 'cargo' 'cryptsetup' 'clang' 'git')
+makedepends=('rust' 'cargo' 'cryptsetup' 'clang')
 depends=('cryptsetup')
 arch=('i686' 'x86_64' 'armv6h' 'armv7h')
 pkgdesc="Decrypt your LUKS partition using a FIDO2 compatible authenticator"
 url="https://github.com/shimunn/fido2luks"
 license=('MPL-2.0')
 source=('git+https://github.com/shimunn/fido2luks')
 sha512sums=('SKIP')
 pkgver() {
-    cd fido2luks
+	# Use tag version if possible otherwise concat project version and git ref
-
+	git describe --exact-match --tags HEAD 2> /dev/null || \
-    # Use tag version if possible otherwise concat project version and git ref
+		echo "$(cargo pkgid | cut -d'#' -f2).$(git describe --always)"
    git describe --exact-match --tags HEAD 2>/dev/null ||
        echo "$(cargo pkgid | cut -d'#' -f2).$(git describe --always)"
 }
 build() {
    cd fido2luks
    cargo build --release --locked --all-features --target-dir=target
 }
 package() {
-    cd fido2luks
+    install -Dm 755 target/release/${pkgname} -t "${pkgdir}/usr/bin"
-
+    install -Dm 644 ../fido2luks.bash "${pkgdir}/usr/share/bash-completion/completions/fido2luks"
    install -Dm 755 target/release/fido2luks -t "${pkgdir}/usr/bin"
    install -Dm 755 pam_mount/fido2luksmounthelper.sh -t "${pkgdir}/usr/bin"
    install -Dm 644 initcpio/hooks/fido2luks -t "${pkgdir}/usr/lib/initcpio/hooks"
    install -Dm 644 initcpio/install/fido2luks -t "${pkgdir}/usr/lib/initcpio/install"
    install -Dm 644 fido2luks.bash "${pkgdir}/usr/share/bash-completion/completions/fido2luks"
    install -Dm 644 fido2luks.fish -t "${pkgdir}/usr/share/fish/vendor_completions.d"
 }
--- a/README.md
+++ b/README.md
@ -2,7 +2,7 @@
 This will allow you to unlock your LUKS encrypted disk with an FIDO2 compatible key.
-Note: This has only been tested under Fedora 31, [Ubuntu 20.04](initramfs-tools/), [NixOS](https://nixos.org/nixos/manual/#sec-luks-file-systems-fido2) using a Solo Key, Trezor Model T, YubiKey(fw >= [5.2.3](https://support.yubico.com/hc/en-us/articles/360016649319-YubiKey-5-2-3-Enhancements-to-FIDO-2-Support))
+Note: This has only been tested under Fedora 31, [Ubuntu 20.04](initramfs-tools/), [NixOS](https://nixos.org/nixos/manual/#sec-luks-file-systems-fido2) using a Solo Key, Trezor Model T
 ## Setup
@ -115,36 +115,6 @@ sudo -E fido2luks -i replace-key /dev/disk/by-uuid/<DISK_UUID>
 sudo rm -rf /usr/lib/dracut/modules.d/96luks-2fa /etc/dracut.conf.d/luks-2fa.conf /etc/fido2luks.conf
 ```
 ## Theory of operation
 fido2luks builds on two basic building blocks, LUKS as an abstraction over linux disk encryption and and the FIDO2 extension [`hmac-secret`](https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-client-to-authenticator-protocol-v2.0-rd-20180702.html#sctn-hmac-secret-extension).
 The `hmac-secret` extension allows for an secret to be dervied on the FIDO2 device from two inputs, the user supplied salt/password/keyfile and another secret contained within the FID2 device. The output of the `hmac-secret` function will then be used to decrypt the LUKS header which in turn is used to decrypt the disk.
 ```
        +-------------------------------------------------------------------------------+
        |                                                                               |
        |                       +-----------------------------------------+             |
        |                       |               FIDO2 device              |             |
        |                       |                                         |             |
        |                       |                                         |             |
 +-------+--------+   +------+   |                      +---------------+  |             |             +------------------------+
 | Salt/Password  +-> |sha256+------------------------> |               |  |             v             |      LUKS header       |
 +----------------+   +------+   |                      |               |  |                           |                        |           +---------------+   
                                |                      |               |  |        +--------+         +------------------------+-------->  |Disk master key| 
                                |                      |  sha256_hmac  +---------> | sha256 +-------> | Keyslot 1              |           +---------------+ 
 +----------------+              |  +----------+        |               |  |        +--------+         +------------------------+
 | FIDO credential+---------------> |Credential| +----> |               |  |                           | Keyslot 2              |
 +----------------+              |  |secret    |        |               |  |                           +------------------------+
                                |  +----------+        +---------------+  |
                                |                                         |
                                |                                         |
                                +-----------------------------------------+
 ```
 Since all these components build upon each other losing or damaging just one of them will render the disk undecryptable, it's threfore of paramount importance to backup the LUKS header and ideally set an backup password
 or utilise more than one FIDO2 device. Each additional credential and password combination will require it's own LUKS keyslot since the credential secret is randomly generated for each new credential and will thus result
 in a completly different secret.
 ## License
 Licensed under
--- a/flake.lock
+++ b/flake.lock
@ -1,62 +0,0 @@
 {
  "nodes": {
    "naersk": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1639947939,
        "narHash": "sha256-pGsM8haJadVP80GFq4xhnSpNitYNQpaXk4cnA796Cso=",
        "owner": "nmattia",
        "repo": "naersk",
        "rev": "2fc8ce9d3c025d59fee349c1f80be9785049d653",
        "type": "github"
      },
      "original": {
        "owner": "nmattia",
        "repo": "naersk",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1638109994,
        "narHash": "sha256-OpA37PTiPMIqoRJbufbl5rOLII7HeeGcA0yl7FoyCIE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "a284564b7f75ac4db73607db02076e8da9d42c9d",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
        "type": "indirect"
      }
    },
    "root": {
      "inputs": {
        "naersk": "naersk",
        "nixpkgs": "nixpkgs",
        "utils": "utils"
      }
    },
    "utils": {
      "locked": {
        "lastModified": 1638122382,
        "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/flake.nix
+++ b/flake.nix
@ -1,61 +0,0 @@
 {
  description = "Decrypt your LUKS partition using a FIDO2 compatible authenticator";
  inputs = {
    utils.url = "github:numtide/flake-utils";
    naersk = {
      url = "github:nmattia/naersk";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs = { self, nixpkgs, utils, naersk }:
    let
      root = ./.;
      pname = (builtins.fromTOML (builtins.readFile ./Cargo.toml)).package.name;
      forPkgs = pkgs:
        let
          naersk-lib = naersk.lib."${pkgs.system}";
          buildInputs = with pkgs; [ cryptsetup ];
          LIBCLANG_PATH = "${pkgs.clang.cc.lib}/lib";
          nativeBuildInputs = with pkgs; [
            pkgconfig
            clang
          ];
        in
        rec {
          # `nix build`
          packages.${pname} = naersk-lib.buildPackage {
            inherit pname root buildInputs nativeBuildInputs LIBCLANG_PATH;
          };
          defaultPackage = packages.${pname};
          # `nix run`
          apps.${pname} = utils.lib.mkApp {
            drv = packages.${pname};
          };
          defaultApp = apps.${pname};
          # `nix flake check`
          checks = {
            fmt = with pkgs; runCommandLocal "${pname}-fmt" { buildInputs = [ cargo rustfmt nixpkgs-fmt ]; } ''
              cd ${root}
              cargo fmt -- --check
              nixpkgs-fmt --check *.nix
              touch $out
            '';
          };
          # `nix develop`
          devShell = pkgs.mkShell {
            nativeBuildInputs = with pkgs; [ rustc cargo rustfmt nixpkgs-fmt ] ++ nativeBuildInputs;
            inherit buildInputs LIBCLANG_PATH;
          };
        };
      forSystem = system: forPkgs nixpkgs.legacyPackages."${system}";
    in
    (utils.lib.eachSystem [ "aarch64-linux" "i686-linux" "x86_64-linux" ] forSystem) // {
      overlay = final: prev: (forPkgs final).packages;
    };
 }
--- a/initcpio/Makefile
+++ b/initcpio/Makefile
@ -1,18 +0,0 @@
 .PHONY: install remove
 install:
 	install -Dm644 hooks/fido2luks -t /usr/lib/initcpio/hooks
 	install -Dm644 install/fido2luks -t /usr/lib/initcpio/install
 ifdef preset
 	mkinitcpio -p $(preset)
 else
 	mkinitcpio -P
 endif
 remove:
 	rm /usr/lib/initcpio/{hooks,install}/fido2luks
 ifdef preset
 	mkinitcpio -p $(preset)
 else
 	mkinitcpio -P
 endif
--- a/initcpio/README.md
+++ b/initcpio/README.md
@ -1,52 +0,0 @@
 ## fido2luks hook for mkinitcpio (ArchLinux and derivatives)
 > ⚠️ Before proceeding, it is very advised to [backup your existing LUKS2 header](https://wiki.archlinux.org/title/dm-crypt/Device_encryption#Backup_using_cryptsetup) to external storage
 ### Setup
 1. Connect your FIDO2 authenticator
 2. Generate credential id
 ```shell
 fido2luks credential
 ```
 3. Generate salt (random string)
 ```shell
 pwgen 48 1
 ```
 4. Add key to your LUKS2 device
 ```shell
 fido2luks add-key -Pt --salt <salt> <block_device> <credential_id>
 ```
 `-P` - request PIN to unlock the authenticator  
 `-t` - add token (including credential id) to the LUKS2 header  
 `-e` - wipe all other keys  
 For the full list of options see `fido2luks add-key --help`
 5. Edit [/etc/fido2luks.conf](/initcpio/fido2luks.conf)
 Keyslot (`FIDO2LUKS_DEVICE_SLOT`) can be obtained from the output of
 ```shell
 cryptsetup luksDump <block_device>
 ```
 6. Add fido2luks hook to /etc/mkinitcpio.conf
 Before or instead of `encrypt` hook, for example:
 ```shell
 HOOKS=(base udev autodetect modconf keyboard block fido2luks filesystems fsck)
 ```
 7. Recreate initial ramdisk
 ```shell
 mkinitcpio -p <preset>
 ```
--- a/initcpio/fido2luks.conf
+++ b/initcpio/fido2luks.conf
@ -1,18 +0,0 @@
 # Set credential *ONLY IF* it's not embedded in the LUKS2 header
 FIDO2LUKS_CREDENTIAL_ID=
 # Encrypted device and its name under /dev/mapper
 # Can be overridden by `cryptdevice` kernel parameter
 FIDO2LUKS_DEVICE=
 FIDO2LUKS_MAPPER_NAME=
 FIDO2LUKS_SALT=string:<salt>
 # Use specific keyslot (ignore all other slots)
 FIDO2LUKS_DEVICE_SLOT=
 # Await for an authenticator to be connected (in seconds)
 FIDO2LUKS_DEVICE_AWAIT=
 # Set to 1 if PIN is required to unlock the authenticator
 FIDO2LUKS_ASK_PIN=
--- a/initcpio/hooks/fido2luks
+++ b/initcpio/hooks/fido2luks
@ -1,55 +0,0 @@
 #!/usr/bin/ash
 run_hook() {
    modprobe -a -q dm-crypt >/dev/null 2>&1
    . /etc/fido2luks.conf
    if [ -z "$cryptdevice" ]; then
        device="$FIDO2LUKS_DEVICE"
        dmname="$FIDO2LUKS_MAPPER_NAME"
    else
        IFS=: read cryptdev dmname _cryptoptions <<EOF
 $cryptdevice
 EOF
        if ! device=$(resolve_device "${cryptdev}" ${rootdelay}); then
            return 1
        fi
    fi
    options="--salt $FIDO2LUKS_SALT"
    if [ "$FIDO2LUKS_ASK_PIN" == 1 ]; then
        options="$options --pin"
    fi
    if [ -n "$FIDO2LUKS_DEVICE_SLOT" ]; then
        options="$options --slot $FIDO2LUKS_DEVICE_SLOT"
    fi
    if [ -n "$FIDO2LUKS_DEVICE_AWAIT" ]; then
        options="$options --await-dev $FIDO2LUKS_DEVICE_AWAIT"
    fi
    # HACK: /dev/tty is hardcoded in rpassword, but not accessible from the ramdisk
    # Temporary link it to /dev/tty1
    mv /dev/tty /dev/tty.back
    ln -s /dev/tty1 /dev/tty
    printf "\nAuthentication is required to access the $dmname volume at $device\n"
    if [ -z "$FIDO2LUKS_CREDENTIAL_ID" ]; then
        fido2luks open-token $device $dmname $options
    else
        fido2luks open $device $dmname $FIDO2LUKS_CREDENTIAL_ID $options
    fi
    exit_code=$?
    # Restore /dev/tty
    mv /dev/tty.back /dev/tty
    if [ $exit_code -ne 0 ]; then
        printf '\n'
        read -s -p 'Press Enter to continue'
        printf '\n'
    fi
 }
--- a/initcpio/install/fido2luks
+++ b/initcpio/install/fido2luks
@ -1,31 +0,0 @@
 #!/bin/bash
 build() {
    local mod
    add_module dm-crypt
    add_module dm-integrity
    if [[ $CRYPTO_MODULES ]]; then
        for mod in $CRYPTO_MODULES; do
            add_module "$mod"
        done
    else
        add_all_modules /crypto/
    fi
    add_binary fido2luks
    add_binary dmsetup
    add_file /usr/lib/udev/rules.d/10-dm.rules
    add_file /usr/lib/udev/rules.d/13-dm-disk.rules
    add_file /usr/lib/udev/rules.d/95-dm-notify.rules
    add_file /usr/lib/initcpio/udev/11-dm-initramfs.rules /usr/lib/udev/rules.d/11-dm-initramfs.rules
    add_file /etc/fido2luks.conf /etc/fido2luks.conf
    add_runscript
 }
 help() {
    cat <<HELPEOF
 This hook allows to decrypt LUKS2 partition using FIDO2 compatible authenticator
 HELPEOF
 }
--- a/initramfs-tools/fido2luks.conf
+++ b/initramfs-tools/fido2luks.conf
@ -1,5 +1,3 @@
 FIDO2LUKS_SALT=Ask
 #FIDO2LUKS_PASSWORD_HELPER="/usr/bin/plymouth ask-for-password --prompt 'FIDO2 password salt'"
 FIDO2LUKS_CREDENTIAL_ID=
 FIDO2LUKS_USE_TOKEN=0
 FIDO2LUKS_PASSWORD_FALLBACK=1
--- a/initramfs-tools/keyscript.sh
+++ b/initramfs-tools/keyscript.sh
@ -2,17 +2,6 @@
 set -a
 . /etc/fido2luks.conf
 # Set Defaults
 if [ -z "$FIDO2LUKS_USE_TOKEN" ]; then
    FIDO2LUKS_USE_TOKEN=0
 fi
 if [ -z "$FIDO2LUKS_PASSWORD_FALLBACK" ]; then
    FIDO2LUKS_PASSWORD_FALLBACK=1
 fi
 if [ -z "$FIDO2LUKS_PASSWORD_HELPER" ]; then
 	MSG="FIDO2 password salt for $CRYPTTAB_NAME"
 	export FIDO2LUKS_PASSWORD_HELPER="plymouth ask-for-password --prompt '$MSG'"
@ -23,8 +12,3 @@ if [ "$FIDO2LUKS_USE_TOKEN" -eq 1 ]; then
 fi
 fido2luks print-secret --bin
 # Fall back to passphrase-based unlock if fido2luks fails
 if [ "$?" -gt 0 ] && [ "$FIDO2LUKS_PASSWORD_FALLBACK" -eq 1 ]; then
  plymouth ask-for-password --prompt "Password for $CRYPTTAB_SOURCE"
 fi
--- a/pam_mount/fido2luksmounthelper.sh
+++ b/pam_mount/fido2luksmounthelper.sh
@ -1,220 +0,0 @@
 #!/bin/bash
 #
 # This is a rather minimal example Argbash potential
 # Example taken from http://argbash.readthedocs.io/en/stable/example.html
 #
 # ARG_POSITIONAL_SINGLE([operation],[Operation to perform (mount|umount)],[])
 # ARG_OPTIONAL_SINGLE([credentials-type],[c],[Type of the credentials to use (external|embedded)])
 # ARG_OPTIONAL_SINGLE([device],[d],[Name of the device to create])
 # ARG_OPTIONAL_SINGLE([mount-point],[m],[Path of the mount point to use])
 # ARG_OPTIONAL_BOOLEAN([ask-pin],[a],[Ask for a pin],[off])
 # ARG_OPTIONAL_SINGLE([salt],[s],[Salt to use],[""])
 # ARG_HELP([Unlocks/Locks a LUKS volume and mount/unmount it in the given mount point.])
 # ARGBASH_GO()
 # needed because of Argbash --> m4_ignore([
 ### START OF CODE GENERATED BY Argbash v2.9.0 one line above ###
 # Argbash is a bash code generator used to get arguments parsing right.
 # Argbash is FREE SOFTWARE, see https://argbash.io for more info
 # Generated online by https://argbash.io/generate
 die()
 {
 	local _ret="${2:-1}"
 	test "${_PRINT_HELP:-no}" = yes && print_help >&2
 	echo "$1" >&2
 	exit "${_ret}"
 }
 begins_with_short_option()
 {
 	local first_option all_short_options='cdmash'
 	first_option="${1:0:1}"
 	test "$all_short_options" = "${all_short_options/$first_option/}" && return 1 || return 0
 }
 # THE DEFAULTS INITIALIZATION - POSITIONALS
 _positionals=()
 # THE DEFAULTS INITIALIZATION - OPTIONALS
 _arg_credentials_type=
 _arg_device=
 _arg_mount_point=
 _arg_ask_pin="off"
 _arg_salt=""
 print_help()
 {
 	printf '%s\n' "Unlocks/Locks a LUKS volume and mount/unmount it in the given mount point."
 	printf 'Usage: %s [-c|--credentials-type <arg>] [-d|--device <arg>] [-m|--mount-point <arg>] [-a|--(no-)ask-pin] [-s|--salt <arg>] [-h|--help] <operation>\n' "$0"
 	printf '\t%s\n' "<operation>: Operation to perform (mount|umount)"
 	printf '\t%s\n' "-c, --credentials-type: Type of the credentials to use (external|embedded) (no default)"
 	printf '\t%s\n' "-d, --device: Name of the device to create (no default)"
 	printf '\t%s\n' "-m, --mount-point: Path of the mount point to use (no default)"
 	printf '\t%s\n' "-a, --ask-pin, --no-ask-pin: Ask for a pin (off by default)"
 	printf '\t%s\n' "-s, --salt: Salt to use (default: '""')"
 	printf '\t%s\n' "-h, --help: Prints help"
 }
 parse_commandline()
 {
 	_positionals_count=0
 	while test $# -gt 0
 	do
 		_key="$1"
 		case "$_key" in
 			-c|--credentials-type)
 				test $# -lt 2 && die "Missing value for the optional argument '$_key'." 1
 				_arg_credentials_type="$2"
 				shift
 				;;
 			--credentials-type=*)
 				_arg_credentials_type="${_key##--credentials-type=}"
 				;;
 			-c*)
 				_arg_credentials_type="${_key##-c}"
 				;;
 			-d|--device)
 				test $# -lt 2 && die "Missing value for the optional argument '$_key'." 1
 				_arg_device="$2"
 				shift
 				;;
 			--device=*)
 				_arg_device="${_key##--device=}"
 				;;
 			-d*)
 				_arg_device="${_key##-d}"
 				;;
 			-m|--mount-point)
 				test $# -lt 2 && die "Missing value for the optional argument '$_key'." 1
 				_arg_mount_point="$2"
 				shift
 				;;
 			--mount-point=*)
 				_arg_mount_point="${_key##--mount-point=}"
 				;;
 			-m*)
 				_arg_mount_point="${_key##-m}"
 				;;
 			-a|--no-ask-pin|--ask-pin)
 				_arg_ask_pin="on"
 				test "${1:0:5}" = "--no-" && _arg_ask_pin="off"
 				;;
 			-a*)
 				_arg_ask_pin="on"
 				_next="${_key##-a}"
 				if test -n "$_next" -a "$_next" != "$_key"
 				then
 					{ begins_with_short_option "$_next" && shift && set -- "-a" "-${_next}" "$@"; } || die "The short option '$_key' can't be decomposed to ${_key:0:2} and -${_key:2}, because ${_key:0:2} doesn't accept value and '-${_key:2:1}' doesn't correspond to a short option."
 				fi
 				;;
 			-s|--salt)
 				test $# -lt 2 && die "Missing value for the optional argument '$_key'." 1
 				_arg_salt="$2"
 				shift
 				;;
 			--salt=*)
 				_arg_salt="${_key##--salt=}"
 				;;
 			-s*)
 				_arg_salt="${_key##-s}"
 				;;
 			-h|--help)
 				print_help
 				exit 0
 				;;
 			-h*)
 				print_help
 				exit 0
 				;;
 			*)
 				_last_positional="$1"
 				_positionals+=("$_last_positional")
 				_positionals_count=$((_positionals_count + 1))
 				;;
 		esac
 		shift
 	done
 }
 handle_passed_args_count()
 {
 	local _required_args_string="'operation'"
 	test "${_positionals_count}" -ge 1 || _PRINT_HELP=yes die "FATAL ERROR: Not enough positional arguments - we require exactly 1 (namely: $_required_args_string), but got only ${_positionals_count}." 1
 	test "${_positionals_count}" -le 1 || _PRINT_HELP=yes die "FATAL ERROR: There were spurious positional arguments --- we expect exactly 1 (namely: $_required_args_string), but got ${_positionals_count} (the last one was: '${_last_positional}')." 1
 }
 assign_positional_args()
 {
 	local _positional_name _shift_for=$1
 	_positional_names="_arg_operation "
 	shift "$_shift_for"
 	for _positional_name in ${_positional_names}
 	do
 		test $# -gt 0 || break
 		eval "$_positional_name=\${1}" || die "Error during argument parsing, possibly an Argbash bug." 1
 		shift
 	done
 }
 parse_commandline "$@"
 handle_passed_args_count
 assign_positional_args 1 "${_positionals[@]}"
 # OTHER STUFF GENERATED BY Argbash
 ### END OF CODE GENERATED BY Argbash (sortof) ### ])
 # [ <-- needed because of Argbash
 if [ -z ${_arg_mount_point} ]; then
  die "Missing '--mount-point' argument"
 fi
 if [ -z ${_arg_device} ]; then
  die "Missing '--device' argument"
 fi
 ASK_PIN=${_arg_ask_pin}
 OPERATION=${_arg_operation}
 DEVICE=${_arg_device}
 DEVICE_NAME=$(sed "s|/|_|g" <<< ${DEVICE})
 MOUNT_POINT=${_arg_mount_point}
 CREDENTIALS_TYPE=${_arg_credentials_type}
 SALT=${_arg_salt}
 CONF_FILE_PATH="/etc/fido2luksmounthelper.conf"
 if [ "${OPERATION}" == "mount" ]; then
 	if [ "${CREDENTIALS_TYPE}" == "external" ]; then
    if  [ -f ${CONF_FILE_PATH} ]; then
 			if [ "${ASK_PIN}" == "on" ]; then
 				read PASSWORD
 			fi
 			CREDENTIALS=$(<${CONF_FILE_PATH})
 		else
 			die "The configuration file '${CONF_FILE_PATH}' is missing. Please create it or use embedded credentials."
 		fi
 		printf ${PASSWORD} | fido2luks open --salt string:${SALT} --pin --pin-source /dev/stdin ${DEVICE} ${DEVICE_NAME} ${CREDENTIALS}
 	elif [ "${CREDENTIALS_TYPE}" == "embedded" ]; then
 		if [ "${ASK_PIN}" == "on" ]; then
 			read PASSWORD
 		fi
 		printf ${PASSWORD} | fido2luks open-token --salt string:${SALT} --pin --pin-source /dev/stdin ${DEVICE} ${DEVICE_NAME}
 	else
 		die "Given credential-type '${CREDENTIALS_TYPE}' is invalid. It must be 'external' or 'embedded'"
 	fi 
 	mount /dev/mapper/${DEVICE_NAME} ${MOUNT_POINT}
 elif [ "${OPERATION}" == "umount" ]; then
  umount ${MOUNT_POINT}
  cryptsetup luksClose ${DEVICE_NAME}
 else
  die "Given operation '${OPERATION}' is invalid. It must be 'mount' or 'unmount'"
 fi
 exit 0
 # ] <-- needed because of Argbash
--- a/src/cli.rs
+++ b/src/cli.rs
@ -25,7 +25,7 @@ fn read_pin(ap: &AuthenticatorParameters) -> Fido2LuksResult<String> {
    if let Some(src) = ap.pin_source.as_ref() {
        let mut pin = String::new();
        File::open(src)?.read_to_string(&mut pin)?;
-        Ok(pin.trim_end_matches("\n").to_string()) //remove trailing newline
+        Ok(pin)
    } else {
        util::read_password("Authenticator PIN", false)
    }
@ -71,12 +71,6 @@ pub fn parse_cmdline() -> Args {
    Args::from_args()
 }
 pub fn prompt_interaction(interactive: bool) {
    if interactive {
        println!("Authorize using your FIDO device");
    }
 }
 pub fn run_cli() -> Fido2LuksResult<()> {
    let mut stdout = io::stdout();
    let args = parse_cmdline();
@ -93,7 +87,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
            } else {
                None
            };
-            let cred = make_credential_id(Some(name.as_ref()), pin)?;
+            let cred = make_credential_id(name.as_ref().map(|n| n.as_ref()), pin)?;
            println!("{}", hex::encode(&cred.id));
            Ok(())
        }
@ -115,7 +109,6 @@ pub fn run_cli() -> Fido2LuksResult<()> {
            } else {
                secret.salt.obtain_sha256(&secret.password_helper)
            }?;
            prompt_interaction(interactive);
            let (secret, _cred) = derive_secret(
                credentials.ids.0.as_slice(),
                &salt,
@ -171,27 +164,23 @@ pub fn run_cli() -> Fido2LuksResult<()> {
                    } => Ok((util::read_keyfile(file)?, None)),
                    OtherSecret {
                        fido_device: true, ..
-                    } => {
+                    } => Ok(derive_secret(
-                        prompt_interaction(interactive);
+                        &credentials.ids.0,
-                        Ok(derive_secret(
+                        &salt(salt_q, verify)?,
-                            &credentials.ids.0,
+                        authenticator.await_time,
-                            &salt(salt_q, verify)?,
+                        pin.as_deref(),
-                            authenticator.await_time,
+                    )
-                            pin.as_deref(),
+                    .map(|(secret, cred)| (secret[..].to_vec(), Some(cred)))?),
                        )
                        .map(|(secret, cred)| (secret[..].to_vec(), Some(cred)))?)
                    }
                    _ => Ok((
                        util::read_password(salt_q, verify)?.as_bytes().to_vec(),
                        None,
                    )),
                }
            };
-            let secret = |q: &str, verify: bool| -> Fido2LuksResult<([u8; 32], FidoCredential)> {
+            let secret = |verify: bool| -> Fido2LuksResult<([u8; 32], FidoCredential)> {
                prompt_interaction(interactive);
                derive_secret(
                    &credentials.ids.0,
-                    &salt(q, verify)?,
+                    &salt("Password", verify)?,
                    authenticator.await_time,
                    pin.as_deref(),
                )
@ -201,7 +190,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
            match &args.command {
                Command::AddKey { exclusive, .. } => {
                    let (existing_secret, _) = other_secret("Current password", false)?;
-                    let (new_secret, cred) = secret("Password to be added", true)?;
+                    let (new_secret, cred) = secret(true)?;
                    let added_slot = luks_dev.add_key(
                        &new_secret,
                        &existing_secret[..],
@ -226,7 +215,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
                    Ok(())
                }
                Command::ReplaceKey { add_password, .. } => {
-                    let (existing_secret, _) = secret("Current password", false)?;
+                    let (existing_secret, _) = secret(false)?;
                    let (replacement_secret, cred) = other_secret("Replacement password", true)?;
                    let slot = if *add_password {
                        luks_dev.add_key(
@ -259,7 +248,6 @@ pub fn run_cli() -> Fido2LuksResult<()> {
            secret,
            name,
            retries,
            allow_discards,
            ..
        }
        | Command::OpenToken {
@ -268,7 +256,6 @@ pub fn run_cli() -> Fido2LuksResult<()> {
            secret,
            name,
            retries,
            allow_discards,
        } => {
            let pin_string;
            let pin = if authenticator.pin {
@ -287,7 +274,6 @@ pub fn run_cli() -> Fido2LuksResult<()> {
            // Cow shouldn't be necessary
            let secret = |credentials: Cow<'_, Vec<HexEncoded>>| {
                prompt_interaction(interactive);
                derive_secret(
                    credentials.as_ref(),
                    &salt("Password", false)?,
@ -301,9 +287,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
            loop {
                let secret = match &args.command {
                    Command::Open { credentials, .. } => secret(Cow::Borrowed(&credentials.ids.0))
-                        .and_then(|(secret, _cred)| {
+                        .and_then(|(secret, _cred)| luks_dev.activate(&name, &secret, luks.slot)),
                            luks_dev.activate(&name, &secret, luks.slot, *allow_discards)
                        }),
                    Command::OpenToken { .. } => luks_dev.activate_token(
                        &name,
                        Box::new(|credentials: Vec<String>| {
@ -315,7 +299,6 @@ pub fn run_cli() -> Fido2LuksResult<()> {
                                .map(|(secret, cred)| (secret, hex::encode(&cred.id)))
                        }),
                        luks.slot,
                        *allow_discards,
                    ),
                    _ => unreachable!(),
                };
--- a/src/cli_args/mod.rs
+++ b/src/cli_args/mod.rs
@ -5,6 +5,8 @@ use structopt::clap::AppSettings;
 use structopt::StructOpt;
 mod config;
 #[cfg(any(feature = "setup", test))]
 mod setup;
 pub use config::*;
@ -216,9 +218,6 @@ pub enum Command {
        secret: SecretParameters,
        #[structopt(short = "r", long = "max-retries", default_value = "0")]
        retries: i32,
        /// Pass SSD trim instructions to the underlying block device
        #[structopt(long = "allow-discards")]
        allow_discards: bool,
    },
    /// Open the LUKS device using credentials embedded in the LUKS 2 header
    #[structopt(name = "open-token")]
@ -233,18 +232,15 @@ pub enum Command {
        secret: SecretParameters,
        #[structopt(short = "r", long = "max-retries", default_value = "0")]
        retries: i32,
        /// Pass SSD trim instructions to the underlying block device
        #[structopt(long = "allow-discards")]
        allow_discards: bool,
    },
    /// Generate a new FIDO credential
    #[structopt(name = "credential")]
    Credential {
        #[structopt(flatten)]
        authenticator: AuthenticatorParameters,
-        /// Name to be displayed on the authenticator display
+        /// Name to be displayed on the authenticator if it has a display
-        #[structopt(env = "FIDO2LUKS_CREDENTIAL_NAME", default_value = "fido2luks")]
+        #[structopt(env = "FIDO2LUKS_CREDENTIAL_NAME")]
-        name: String,
+        name: Option<String>,
    },
    /// Check if an authenticator is connected
    #[structopt(name = "connected")]
--- a/src/cli_args/setup.rs
+++ b/src/cli_args/setup.rs
@ -0,0 +1,94 @@
 use crate::cli_args::SecretInput;
 use crate::error::Fido2LuksResult;
 use crate::luks::LuksDevice;
 use std::io::{stdin, BufRead, BufReader};
 use std::path::{Path, PathBuf};
 enum Setup {
    Welcome,
    Disks {
        disks: Vec<PathBuf>,
    },
    Unlocked {
        disks: Vec<LuksDevice>,
        current_secrets: Vec<Vec<u8>>,
    },
    Salt {
        disks: Vec<PathBuf>,
        current_secrets: Vec<Vec<u8>>,
        salt: SecretInput,
    },
    Config {
        salt: SecretInput,
    },
 }
 impl Setup {
    fn description(&self) -> String {
        match self {
            Self::Welcome => {
                "Please enter the device path for all disks you want to protect".into()
            }
            _ => "".into(),
        }
    }
    fn next(self) -> Fido2LuksResult<Self> {
        println!("{}", self.description());
        Ok(match self {
            Self::Welcome => {
                let mut disks = Vec::new();
                for path in BufReader::new(stdin()).lines() {
                    let path_string = path?;
                    let path = match path_string.as_str() {
                        "" => break,
                        path => Path::new(path),
                    };
                    if path.exists() {
                        disks.push(path.to_path_buf());
                    } else {
                        eprintln!(
                            "{} does not exist, try again or hit enter to finish",
                            path.display()
                        );
                    }
                }
                Self::Disks { disks }
            }
            Self::Disks { disks } => {
                let mut luks_devs = Vec::new();
                let add_dev = |path: &Path| -> Fido2LuksResult<Option<LuksDevice>> {
                    match LuksDevice::load(path) {
                        Ok(luks) => return Ok(Some(luks)),
                        Err(dev) => {
                            let mut ans = String::new();
                            loop {
                                eprint!("Failed to open {}\nIs it an LUKS device or could it be the mounted block device? Skip/Replace (s,r): ");
                                stdin().read_line(&mut ans)?;
                                match ans.as_str() {
                                    "s" => return Ok(None),
                                    "r" => {
                                        print!("Enter an new device path: ");
                                        stdin().read_line(&mut ans)?;
                                        let path = PathBuf::from(&ans);
                                        return add_dev(path.as_path());
                                    }
                                    _ => (),
                                }
                            }
                        }
                    }
                    Ok(None)
                };
                for dev in disks.iter() {
                    let path = PathBuf::from(&dev);
                    if let Some(luks) = add_dev(path.as_path()) {
                        luks_devs.push(luks);
                    }
                }
                unreachable!()
            }
            _ => unreachable!(),
        })
    }
 }
--- a/src/luks.rs
+++ b/src/luks.rs
@ -1,8 +1,8 @@
 use crate::error::*;
 use libcryptsetup_rs::{
-    CryptActivateFlag, CryptActivateFlags, CryptDevice, CryptInit, CryptTokenInfo,
+    CryptActivateFlags, CryptDevice, CryptInit, CryptTokenInfo, EncryptionFormat, KeyslotInfo,
-    EncryptionFormat, KeyslotInfo, TokenInput,
+    TokenInput,
 };
 use std::collections::{HashMap, HashSet};
 use std::path::Path;
@ -221,15 +221,10 @@ impl LuksDevice {
        name: &str,
        secret: &[u8],
        slot_hint: Option<u32>,
        allow_discard: bool,
    ) -> Fido2LuksResult<u32> {
        let mut flags = CryptActivateFlags::empty();
        if allow_discard {
            flags = CryptActivateFlags::new(vec![CryptActivateFlag::AllowDiscards]);
        }
        self.device
            .activate_handle()
-            .activate_by_passphrase(Some(name), slot_hint, secret, flags)
+            .activate_by_passphrase(Some(name), slot_hint, secret, CryptActivateFlags::empty())
            .map_err(LuksError::activate)
    }
@ -238,7 +233,6 @@ impl LuksDevice {
        name: &str,
        secret: impl Fn(Vec<String>) -> Fido2LuksResult<([u8; 32], String)>,
        slot_hint: Option<u32>,
        allow_discard: bool,
    ) -> Fido2LuksResult<u32> {
        if !self.is_luks2()? {
            return Err(LuksError::Luks2Required.into());
@ -282,7 +276,7 @@ impl LuksDevice {
                .chain(std::iter::once(None).take(slots.is_empty() as usize)), // Try all slots as last resort
        );
        for slot in slots {
-            match self.activate(name, &secret, slot, allow_discard) {
+            match self.activate(name, &secret, slot) {
                Err(Fido2LuksError::WrongSecret) => (),
                res => return res,
            }