19.3.2. Saving encryption keys

download PDF
After completing the required preparation (see Section 19.3.1, “Preparation for saving encryption keys”) it is now possible to save the encryption keys using the following procedure.


For all examples in this file, /path/to/volume is a LUKS device, not the plaintext device contained within; blkid -s type /path/to/volume should report type="crypto_LUKS".

Procedure 19.4. Saving encryption keys

  1. Run:
    volume_key --save /path/to/volume -c /path/to/cert escrow-packet
  2. Save the generated escrow-packet file in the prepared storage, associating it with the system and the volume.
These steps can be performed manually, or scripted as part of system installation.
Red Hat logoGithubRedditYoutubeTwitter


Try, buy, & sell


About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.