Red Hat Training
A Red Hat training course is available for Red Hat Enterprise Linux
4.10.2. 암호화 클라이언트 설치 - Clevis
Clevis 플러그형 프레임워크와 암호화된 볼륨(클라이언트)이 있는 머신에 고정을 설치하려면
root 로 다음 명령을 입력합니다.
~]# yum install clevis
데이터의 암호를 해독하려면 clevis decrypt 명령을 사용하여 JWE(암호화 텍스트)를 제공합니다.
~]$ clevis decrypt < JWE > PLAINTEXT
자세한 내용은 기본 제공 CLI 도움말을 참조하십시오.
~]$ clevis Usage: clevis COMMAND [OPTIONS] clevis decrypt Decrypts using the policy defined at encryption time clevis encrypt http Encrypts using a REST HTTP escrow server policy clevis encrypt sss Encrypts using a Shamir's Secret Sharing policy clevis encrypt tang Encrypts using a Tang binding server policy clevis encrypt tpm2 Encrypts using a TPM2.0 chip binding policy ~]$ clevis decrypt Usage: clevis decrypt < JWE > PLAINTEXT Decrypts using the policy defined at encryption time ~]$ clevis encrypt tang Usage: clevis encrypt tang CONFIG < PLAINTEXT > JWE Encrypts using a Tang binding server policy This command uses the following configuration properties: url: <string> The base URL of the Tang server (REQUIRED) thp: <string> The thumbprint of a trusted signing key adv: <string> A filename containing a trusted advertisement adv: <object> A trusted advertisement (raw JSON) Obtaining the thumbprint of a trusted signing key is easy. If you have access to the Tang server's database directory, simply do: $ jose jwk thp -i $DBDIR/$SIG.jwk Alternatively, if you have certainty that your network connection is not compromised (not likely), you can download the advertisement yourself using: $ curl -f $URL/adv > adv.jws
