This shows you the differences between two versions of the page.
profile_encryption [2022/03/10 18:16] James Prestwood [Decrypting Profiles] |
profile_encryption [2022/03/10 18:23] James Prestwood |
||
---|---|---|---|
Line 22: | Line 22: | ||
9cUQfM5ynSaV2UjeUWEHuz4fwDsXGLB9eELXLztzUU9nsAyLvs3ZRR+eEK/A== | 9cUQfM5ynSaV2UjeUWEHuz4fwDsXGLB9eELXLztzUU9nsAyLvs3ZRR+eEK/A== | ||
- | This can then be pasted directly into the IWD service file. Note that '**iwd-secret**' can be named anything you want. | + | This can then be pasted directly into the IWD service file. Note that '**iwd-secret**' can be named anything you want. Following example 1 in the documentation lets you store the encrypted secret in a file directly, and this can be set in the service file with **LoadCredentialEncrypted**. There is no difference from IWD's point of view with these two methods. |
==== Setup (IWD) ==== | ==== Setup (IWD) ==== | ||
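Review bot: the sentence added on the changed line refers to "example 1 in the documentation" without saying which documentation or linking to it, so a reader cannot find the file-based procedure that **LoadCredentialEncrypted** relies on. Name the document and link it at that point. Because the same line says '**iwd-secret**' can be named anything, it would also help to state that the chosen name is the one that goes into SystemdEncrypt= in the IWD setup that follows.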
Line 30: | Line 30: | ||
SystemdEncrypt=iwd-secret | SystemdEncrypt=iwd-secret | ||
- | Running IWD with this option enables profile encryption, and any profiles currently on the system will be encrypted automatically as discussed in the disclaimer. | + | Running IWD with this option enables profile encryption, and any profiles currently on the system will be encrypted automatically as discussed in the disclaimer. At this point there is nothing else needed. Any future profiles will be encrypted automatically. |
==== Decrypting Profiles ==== | ==== Decrypting Profiles ==== | ||
- | Oops, I accidentally just encrypted my profiles and I want them back! Not all is lost and profiles can be decrypted back into plaintext using iwd-decrypt-profile, given you remember the password used with systemd-creds. This tool takes an input file (--infile), password/secret file (--pass/--file), and optionally a profile name (--name) if one cannot be determined based on the input file. | + | Oops, I accidentally just encrypted my profiles and I want them back! Not all is lost and profiles can be decrypted back into plaintext using iwd-decrypt-profile, given you remember the password used with systemd-creds. This tool takes an input file (**--infile**), password/secret file (**--pass/--file**), and optionally a profile name (**--name**) if one cannot be determined based on the input file. |
- | Note: Depending on how you set up the credentials with systemd-creds your password might have a newline appended. This is due to systemd ultimately storing it in a file and appending a newline character. | + | Note: Depending on how you set up the credentials with systemd-creds your password might have a newline appended. This is due to systemd ultimately storing it in a file and appending a newline character, shown in the example below. |
./tools/iwd-decrypt-profile --infile /var/lib/iwd/MySSID.psk --pass secret123$'\n' | ./tools/iwd-decrypt-profile --infile /var/lib/iwd/MySSID.psk --pass secret123$'\n' |
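Review bot: the reworded newline note now directs readers to the example command, which passes the secret with --pass on the command line (--pass secret123$'\n'). That leaves the password in shell history and visible in the process list while the tool runs. The paragraph above already lists --file as an alternative, so the example would be safer if it showed the secret-file form and mentioned --pass only as the fallback. The $'\n' quoting is also shell-specific, which deserves a short remark for readers who are not using bash.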