19.3.2. Saving encryption keys
After completing the required preparation (see Section 19.3.1, “Preparation for saving encryption keys”) it is now possible to save the encryption keys using the following procedure.
For all examples in this file,
/path/to/volumeis a LUKS device, not the plaintext device contained within;
blkid -s typeshould report
Procedure 19.4. Saving encryption keys
- Save the generated
escrow-packetfile in the prepared storage, associating it with the system and the volume.
These steps can be performed manually, or scripted as part of system installation.