4.10.2. Installing an Encryption Client (Clevis)
To install the Clevis pluggable framework and its pins on a machine that uses an encrypted volume (the client), run the following command as root:
~]# yum install clevis
To decrypt data, run the clevis decrypt command and provide the cipher text (JWE):
~]$ clevis decrypt < JWE > PLAINTEXT
For more information, see the built-in CLI help:
~]$ clevis
Usage: clevis COMMAND [OPTIONS]

  clevis decrypt             Decrypts using the policy defined at encryption time
  clevis encrypt http        Encrypts using a REST HTTP escrow server policy
  clevis encrypt sss         Encrypts using a Shamir's Secret Sharing policy
  clevis encrypt tang        Encrypts using a Tang binding server policy
  clevis encrypt tpm2        Encrypts using a TPM2.0 chip binding policy

~]$ clevis decrypt
Usage: clevis decrypt < JWE > PLAINTEXT

Decrypts using the policy defined at encryption time

~]$ clevis encrypt tang
Usage: clevis encrypt tang CONFIG < PLAINTEXT > JWE

Encrypts using a Tang binding server policy

This command uses the following configuration properties:

  url: <string>   The base URL of the Tang server (REQUIRED)

  thp: <string>   The thumbprint of a trusted signing key

  adv: <string>   A filename containing a trusted advertisement
  adv: <object>   A trusted advertisement (raw JSON)

Obtaining the thumbprint of a trusted signing key is easy. If you
have access to the Tang server's database directory, simply do:

    $ jose jwk thp -i $DBDIR/$SIG.jwk

Alternatively, if you have certainty that your network connection
is not compromised (not likely), you can download the advertisement
yourself using:

    $ curl -f $URL/adv > adv.jws
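
The thp property pins the Tang server's signing key, so that an advertisement downloaded over the network is trusted only when it carries that key. The following Python sketch is an added example, not part of the original documentation or of the Clevis code: it computes a JWK thumbprint as defined in RFC 7638 and selects the advertised signing keys that match a pinned value. The key material is constructed, and the hash (SHA-256 by default here) is an assumption that must match the algorithm your jose build uses for jose jwk thp.

```python
import base64
import hashlib
import json

# Members that enter the thumbprint for each key type (RFC 7638, section 3.2).
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"), "oct": ("k", "kty")}

def jwk_thumbprint(jwk, hash_name="sha256"):
    """Hash the canonical JSON of the required members, base64url without padding."""
    members = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    digest = hashlib.new(hash_name, canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def trusted_signing_keys(adv_payload, pinned_thp, hash_name="sha256"):
    """Return advertised signing keys whose thumbprint equals the pinned thp."""
    return [key for key in adv_payload.get("keys", [])
            if "verify" in key.get("key_ops", [])
            and jwk_thumbprint(key, hash_name) == pinned_thp]

# Constructed sample data: x and y are placeholders, not real curve points.
SIGNING_KEY = {"kty": "EC", "crv": "P-521", "alg": "ES512",
               "key_ops": ["verify"], "x": "c2lnLXg", "y": "c2lnLXk"}
EXCHANGE_KEY = {"kty": "EC", "crv": "P-521", "alg": "ECMR",
                "key_ops": ["deriveKey"], "x": "ZXhjLXg", "y": "ZXhjLXk"}
ADVERTISEMENT = {"keys": [SIGNING_KEY, EXCHANGE_KEY]}  # decoded JWS payload

if __name__ == "__main__":
    pinned = jwk_thumbprint(SIGNING_KEY)  # value an admin would record as thp
    print("pinned thp:", pinned)
    print("match:", bool(trusted_signing_keys(ADVERTISEMENT, pinned)))
    # A thumbprint of any other key selects nothing, so the advertisement is rejected.
    other = jwk_thumbprint(EXCHANGE_KEY)
    print("wrong pin match:", bool(trusted_signing_keys(ADVERTISEMENT, other)))
```

The sketch compares thumbprints only; it does not verify the JWS signature on the advertisement.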