Red Hat Training

A Red Hat training course is available for RHEL 8

11.2. 安装加密客户端 - Clevis

使用此流程可以在您的系统上部署并开始使用 Clevis 可插拔框架。


  1. 在带有加密卷的系统上安装 Clevis 及其 pins:

    # yum install clevis
  2. 要解密数据,请使用 clevis decrypt 命令,并提供 JSON Web 加密(JWE)格式的密码文本,例如:

    $ clevis decrypt < secret.jwe


  • cllevis(1) 手册页
  • 输入不带任何参数的 clevis 命令后,内置的 CLI 帮助信息:

    $ clevis
    Usage: clevis COMMAND [OPTIONS]
    clevis decrypt      Decrypts using the policy defined at encryption time
    clevis encrypt sss  Encrypts using a Shamir's Secret Sharing policy
    clevis encrypt tang Encrypts using a Tang binding server policy
    clevis encrypt tpm2 Encrypts using a TPM2.0 chip binding policy
    clevis luks bind    Binds a LUKS device using the specified policy
    clevis luks edit    Edit a binding from a clevis-bound slot in a LUKS device
    clevis luks list    Lists pins bound to a LUKSv1 or LUKSv2 device
    clevis luks pass    Returns the LUKS passphrase used for binding a particular slot.
    clevis luks regen   Regenerate clevis binding
    clevis luks report  Report tang keys' rotations
    clevis luks unbind  Unbinds a pin bound to a LUKS volume
    clevis luks unlock  Unlocks a LUKS volume