diff --git a/utils/pkgs/ykfde/scripts/ykfde_enroll b/utils/pkgs/ykfde/scripts/ykfde_enroll
index bb7633a..11a9a23 100755
--- a/utils/pkgs/ykfde/scripts/ykfde_enroll
+++ b/utils/pkgs/ykfde/scripts/ykfde_enroll
@@ -2,7 +2,8 @@
 
 set -euo pipefail
 
-echo "start in\nnix-shell https://github.com/sgillespie/nixos-yubikey-luks/archive/master.tar.gz"
+echo "start in"
+echo "nix-shell https://github.com/sgillespie/nixos-yubikey-luks/archive/master.tar.gz"
 
 # sanitize environment
 YKFDE_SLOT=2
@@ -25,9 +26,9 @@ if [ "$YKFDE_SLOT_CHECK" != 1 ]; then
 fi
 
 YKFDE_SALT="$(dd if=/dev/random bs=1 count=$YKFDE_SALT_LENGTH 2>/dev/null | rbtohex)"
-YKFDE_CHALLENGE="$(echo -n $salt | openssl dgst -binary -sha512 | rbtohex)"
+YKFDE_CHALLENGE="$(echo -n $YKFDE_SALT | openssl dgst -binary -sha512 | rbtohex)"
 YKFDE_RESPONSE="$(ykchalresp -2 -x $YKFDE_CHALLENGE 2>/dev/null)"
-YKFDE_K_LUKS="$(echo | pbkdf2-sha512 $(($YKFDE_KEY_LENGTH / 8)) $YKFDE_ITERATIONS $YKFDE_RESPONSE)"
+YKFDE_K_LUKS="$(echo | pbkdf2-sha512 $(($YKFDE_KEY_LENGTH / 8)) $YKFDE_ITERATIONS $YKFDE_RESPONSE | rbtohex)"
 mkdir -p "$(dirname $YKFDE_STORAGE)"
 echo -ne "$YKFDE_SALT\n$YKFDE_ITERATIONS" > $YKFDE_STORAGE
 echo $YKFDE_K_LUKS > luks.key