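10.2. Installing an encryption client - Clevis
To configure automated unlocking of encrypted volumes, you must first deploy the Clevis pluggable framework on the client system.
Procedure
Install Clevis and its pins on the system with the encrypted volume: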
# yum install clevis
To decrypt data, use the clevis decrypt command and provide the ciphertext in JSON Web Encryption (JWE) format, for example:
$ clevis decrypt < secret.jwe
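As an added example (not part of the original documentation): before passing a file to clevis decrypt, a short Python script can read the JWE protected header to see which pin policy the secret was bound to at encryption time. It assumes the compact JWE serialization and that Clevis records its policy under a `clevis` key in the protected header; the sample JWE and the tang.example.test URL are constructed.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url as used by JOSE."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    """Encode bytes as unpadded base64url."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def clevis_policy(jwe_compact: str) -> dict:
    """Return the pin policy stored in a compact JWE's protected header."""
    parts = jwe_compact.strip().split(".")
    if len(parts) != 5:
        raise ValueError("not a compact JWE: expected 5 dot-separated segments")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("protected header is not base64url JSON") from exc
    # Assumption: Clevis keeps {"pin": NAME, NAME: {...}} under "clevis".
    policy = header.get("clevis") if isinstance(header, dict) else None
    if not isinstance(policy, dict) or "pin" not in policy:
        raise ValueError("no clevis policy in protected header")
    pin = policy["pin"]
    return {"pin": pin, "config": policy.get(pin, {}), "enc": header.get("enc")}


# Constructed sample: only the header is meaningful. The remaining segments
# are placeholders, so clevis itself could not decrypt this string.
SAMPLE_HEADER = {
    "alg": "ECDH-ES",
    "enc": "A256GCM",
    "clevis": {"pin": "tang", "tang": {"url": "http://tang.example.test"}},
}
SAMPLE_JWE = ".".join(
    [b64url_encode(json.dumps(SAMPLE_HEADER).encode()), "", "aXY", "Y3Q", "dGFn"]
)

if __name__ == "__main__":
    print(clevis_policy(SAMPLE_JWE))
```

The protected header is only base64url-encoded, not encrypted, so this check needs no key material and does not contact any server.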
Additional resources
- clevis(1) man page
- Built-in CLI help, shown after entering the clevis command without any arguments:
$ clevis
Usage: clevis COMMAND [OPTIONS]

clevis decrypt       Decrypts using the policy defined at encryption time
clevis encrypt sss   Encrypts using a Shamir's Secret Sharing policy
clevis encrypt tang  Encrypts using a Tang binding server policy
clevis encrypt tpm2  Encrypts using a TPM2.0 chip binding policy
clevis luks bind     Binds a LUKS device using the specified policy
clevis luks edit     Edit a binding from a clevis-bound slot in a LUKS device
clevis luks list     Lists pins bound to a LUKSv1 or LUKSv2 device
clevis luks pass     Returns the LUKS passphrase used for binding a particular slot.
clevis luks regen    Regenerate clevis binding
clevis luks report   Report tang keys' rotations
clevis luks unbind   Unbinds a pin bound to a LUKS volume
clevis luks unlock   Unlocks a LUKS volume