Oh and I forget (but it seems this is already clear as well): keyscripts may make use of arbitrary other programs... OpenSSL, pcscd, gpg, etc. pp. I've just attached my own keyscript to give an example (just the script, not the initramfs-tools hook or documentation).
The biggest problem is likely stuff that requires terminal input (AFAIU systemd takes this over or at least should do so). In Debians cryptsetup, there's /lib/cryptsetup/askpass which I for example use to gather the passphrase (which is used to decrypt the OpenPGP encrypted actual key). So I guess that needs to be adapted somehow as well... either this, or properly documented how to do things in the systemd-way. And of course, any keyscripts would then need to support both,... a systemd-way of interactive input (if there is any)... and the traditional via e.g. askpass (AFAIU, the tech-ctte decision will just define a new default init,... but not forbid any others). Cheers, Chris.
decrypt_openpgp
Description: application/shellscript
smime.p7s
Description: S/MIME cryptographic signature
