Zulucrypt yubikey

Can someone help me create an encrypted volume file using zulucrypt gui using a yubikey challenge/response.

I have set the slot 2 on the yubikey to be challenge/response with no “request touch”. (It does have a secret key in there it just does not show it in the screenshot).


I create a 100MB “container in new file” in zulu.

I create a new volume with mostly default settings except i change the “key” to “Yubikey challenge/response”, put in a simple password and hit “Create”

The yubikey flashes a bit, and after a short while it says it has created it successfully
Screenshot_20240803_122949
But when i try to decrypt/mount the volume it does not work?


I have tried not pressing the yubikey (because it is setup as to not require a press), i tried short and long pressing the key before i hit “open”, during pressing “open” and after pressing “open”. I also tried setting the yubikey to require a key press but always says the same error.

Could not get passphrase in silent mode

The slot2 on the key does give a response:

❱ykchalresp -2 "test"
47abbca32cc781c97a773608ae5551a1cdc390c5

what am i doing wrong?

The gui is definitely broken somehow – there is no option to disable or configure this “silent mode”. And CLI doesn’t support Yubikey out of box (at least I don’t see way to ask Yubikey directly from program) but you can pass password as one of parameters – that’s the example how to achieve this:

zuluCrypt-cli -o -d "/home/tomek/zulutest" -m "zulutest" -e rw "" -t aes.cbc-essiv:sha256.256.sha256.0 -p $(ykchalresp -2 "test")

I just opened debug mode in gui, copied (or rather zuluCrypt-cli command and added -p $(ykchalresp -2 "test")

Thx, but if i can’t do it via the GUI then i shall move on as i really did not want to go that deep. I don’t see how passing “test” as a challenge would even work, surly zulu is supposed to pass a specific challenge, i just used “test” to demonstrate that the yubikey was set up correctly.

I did ask the dev and he says (well implies) that it should work and thats its just a case of learning how to use it but iv been trying for some days. (see last 3 posts here)

EDIT: unless you are saying that zulu passes the password itself (the one you manually enter) as the challenge to the ybuikey?

EDIT2:
Are you saying that you tried it and got the same results (error) as me? If so i can add that to the github thread, say im not the only one who see’s this resault.

Lets assume this. The test is password you configured here

You should also pass test here

But you can also use “Password” when decrypting/mounting – in that case you should pass 47abbca32cc781c97a773608ae5551a1cdc390c5 as password.

That’s how challenge response works – you send challenge (test) to Youbikey to receive secret (47abbca32cc781c97a773608ae5551a1cdc390c5) generated from key saved on Yubikey. For same input you will always receive same response (which most programs use as simple password to unlock something)

Yes, I tried and received exactly the same results as you. I looked into help and other documentation of this project – there is nothing about Yubikey so you have full right to be angry at developer because he not documented this feature (and probably not tested, because not work correctly) Maybe it don’t pass challenge to ykchalresp or maybe do it but not process output correctly or something else, who knows.

See also this purposely wrong command – with correct command everything is ok without root permissions, if something is bad even sudo isn’t enough – this is definitely bad project:

~ > zuluCrypt-cli -O -d ~/zulutest -m zulutest -t plain                                                                                 
ERROR: Only root user can perform this operation
~ > sudo zuluCrypt-cli -O -d ~/zulutest -m zulutest -t plain
Please touch the device.
ERROR: Only root user can perform this operation
~ > sudo su -                                               
[tomek-pc ~]# sudo zuluCrypt-cli -O -d /home/tomek/zulutest -m zulutest -t plain
ERROR: -O and -m options can not be used together
1 Like

I shall post again on the guthub.

I didn’t want to go to far into the depths of it all, i had seen yubikey mentioned when i use zulu (i use it a lot, but iv just brought a couple of yubikeys) and i thought to myself:

“hmm that would be quite cool if i could use this key”

But I’m not banging my head against a wall trying to figure it. If its not obvious to use with the GUI then all that will happen is i will create an encrypted volume, put my stuff in it, but when i come back to it months later i will have forgotten all about this headache & i will be cursing. It has to be 100% reliable (obviously).

Ok, many thx for the support and your time :smile: