On thing I forgot: I think you should somehow standardise how keyscript developers may specify options (especially multiple) for the keyscripts.
You see already from your own scripts, that multiple options are necessary (passdev: device, file[, timeout]). You've seen all the options that I offered,.. and you can imagine what other people want... specifying an network interface, where the key should be read from, or specifying a card reader (there could be multiple attached), and a key slot on a smartcard... etc. etc. I'd say the best idea is to put all in crypttab, both options for keyscripts, as well as options for the respective hooks... There should be just a "standard" how to specifiy them, e.g. thrid field of crpyttab, multiple separated by commas, mustn't contain commas (as long as we have no quotation algorithm for this). The way I did it in mine,.. is basically stolen from how you did this for parsing crypttab,... I just modified the regexp a bit. As you can see I used ":" as separator as you (or David) did in passdev,... but I'd think "," would be nicer, as you already use this in the conf.d file in the initramfs... Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
