11.2. Installing an encryption client - Clevis

Use this procedure to deploy and start using the Clevis pluggable framework on your system.


  1. To install Clevis and its pins on a system with an encrypted volume:

    # yum install clevis

  2. To decrypt data, use the clevis decrypt command and provide the ciphertext in the JSON Web Encryption (JWE) format, for example:

    $ clevis decrypt < secret.jwe


  • clevis(1) man page
  • Built-in CLI help, shown after entering the clevis command without any arguments:

    $ clevis
    Usage: clevis COMMAND [OPTIONS]
    clevis decrypt             Decrypts using the policy defined at encryption time
    clevis encrypt sss         Encrypts using a Shamir's Secret Sharing policy
    clevis encrypt tang        Encrypts using a Tang binding server policy
    clevis encrypt tpm2        Encrypts using a TPM2.0 chip binding policy
    clevis luks bind           Binds a LUKS device using the specified policy
    clevis luks list           Lists pins bound to a LUKSv1 or LUKSv2 device
    clevis luks pass           Returns the LUKS passphrase used for binding a particular slot.
    clevis luks regen          Regenerate LUKS metadata
    clevis luks report         Report any key rotation on the server side
    clevis luks unbind         Unbinds a pin bound to a LUKS volume
    clevis luks unlock         Unlocks a LUKS volume
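
An added example, not part of the original documentation or the Clevis project: a Python function that reads the protected header of a compact JWE to report which pin policy (tang, tpm2 or sss) `clevis decrypt` would follow, without decrypting anything. It assumes the header layout Clevis writes (a `clevis` object naming the `pin`, with `url` for tang and `t`/`jwe` for sss), which this page does not spell out; the sample tokens and `tang.example.test` are constructed.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWE segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def clevis_policy(jwe_compact: str) -> dict:
    """Report the pin policy stored in a compact JWE's protected header."""
    parts = jwe_compact.strip().split(".")
    if len(parts) != 5:
        raise ValueError("not a compact JWE: expected 5 dot-separated segments")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("protected header is not base64url JSON") from exc
    clevis = header.get("clevis") if isinstance(header, dict) else None
    if not isinstance(clevis, dict) or not isinstance(clevis.get("pin"), str):
        raise ValueError("protected header carries no clevis pin metadata")
    pin = clevis["pin"]
    cfg = clevis.get(pin)
    if not isinstance(cfg, dict):
        cfg = {}
    policy = {"pin": pin}
    if pin == "tang":
        policy["url"] = cfg.get("url")  # server contacted at decrypt time
    elif pin == "sss":
        policy["threshold"] = cfg.get("t")  # shares needed to recover the key
        policy["children"] = [clevis_policy(j) for j in cfg.get("jwe", [])]
    return policy


def constructed_jwe(clevis_meta: dict) -> str:
    # Constructed sample token: assumed header layout, placeholder iv/ct/tag.
    header = {"alg": "dir", "enc": "A256GCM", "clevis": clevis_meta}
    raw = json.dumps(header, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode() + "..aXY.Y3Q.dGFn"


TANG = constructed_jwe({"pin": "tang", "tang": {"url": "http://tang.example.test"}})
TPM2 = constructed_jwe({"pin": "tpm2", "tpm2": {"hash": "sha256", "key": "ecc"}})
SSS = constructed_jwe({"pin": "sss", "sss": {"t": 1, "jwe": [TANG, TPM2]}})

if __name__ == "__main__":
    # In practice the input would be the contents of a file such as secret.jwe.
    print(json.dumps(clevis_policy(SSS), indent=2))
```

Checking the reported tang URL and sss threshold against what you expect for the host shows which external server or hardware a decryption depends on before you run it.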