As you can see by my UserName, I am the person who filed that Bug as a danger to users… Specifically brought up by @ichbinsokreativ, me trying to help him…

Thank you Skull giver for the golang code, I had to debug your code, to get it to run, because of the forum transposing HTML char codes for some characters… Unfortunatley, displaying the result onto console displays ‘jibberish’, as you thought might happen. Console cannot display raw hex characters.

Redirecting the output as you posted doesn’t work, as the script then doesn’t get the input of the recovery key, so errors.

I have a request… I know a lot of languages, but GO isn’t one of them. Please… Could you please add a few lines to write the result directly to a file called recovery.key? Then if raw or hex, it would get to a key-file… Then I can test if that is going to work to add additional keys to the LUKS containers, and to be able to help people re-enroll the TPM key.

If you could, they we would have a recovery work-around.

Yes. They did something similar for past ZFS encryptions i their canned installs, but used native ZFS encryption, with a locked encrytped keyfile stored within a LUKS container, that had to be unlocked and mounted before unlocking the ZFS pools. Sometimes I don’t follow the logic behind some things.

It seems like they often add complication to what should be simpler.