This shows you the differences between two versions of the page.
profile_encryption [2022/03/10 18:22] James Prestwood |
profile_encryption [2022/03/10 18:28] James Prestwood [Setup (IWD)] |
||
---|---|---|---|
Line 7: | Line 7: | ||
==== Setup (systemd) ==== | ==== Setup (systemd) ==== | ||
- | First, systemd must be set up to pass a secret credential to IWD. This can be done one of two ways using either **SetCredentialEncrypted** or **LoadCredentialEncrypted**. This can be done using a new systemd utility, [[https://www.freedesktop.org/software/systemd/man/systemd-creds.html|systemd-creds]]. | + | First, systemd must be set up to pass a secret credential to IWD. The secret can be set one of two ways using either **SetCredentialEncrypted** or **LoadCredentialEncrypted**. Systemd provides a utility for this, [[https://www.freedesktop.org/software/systemd/man/systemd-creds.html|systemd-creds]]. |
This simplest way is to follow Example 2 in the documentation for systemd-creds and invoke something like: | This simplest way is to follow Example 2 in the documentation for systemd-creds and invoke something like: | ||
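Review bot: The unchanged context line directly after the rewritten paragraph still reads "This simplest way is to follow Example 2", which should be "The simplest way"; it is worth fixing in the same revision. In the new sentence, "can be set one of two ways" reads better as "can be set in one of two ways". The paragraph also asks the reader to choose between SetCredentialEncrypted and LoadCredentialEncrypted without saying how they differ, so a short clause on each would help, since only systemd-creds is linked.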
Line 25: | Line 25: | ||
==== Setup (IWD) ==== | ==== Setup (IWD) ==== | ||
- | A new main.conf option was added, **SystemdEncrypt**, who's value is the identifier used with systemd-creds. In this case 'iwd-secret' | + | A new main.conf option was added, **SystemdEncrypt**, who's value is the identifier used with systemd-creds. In this case '**iwd-secret**' |
# file: main.conf | # file: main.conf | ||
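Review bot: The changed line keeps "who's value", which should be "whose value", and the trailing "In this case '**iwd-secret**'" is a fragment with no verb and no closing punctuation. Suggest folding it into one sentence, for example: "A new main.conf option, **SystemdEncrypt**, was added; its value is the identifier used with systemd-creds, in this case '**iwd-secret**'."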
Line 35: | Line 35: | ||
Oops, I accidentally just encrypted my profiles and I want them back! Not all is lost and profiles can be decrypted back into plaintext using iwd-decrypt-profile, given you remember the password used with systemd-creds. This tool takes an input file (**--infile**), password/secret file (**--pass/--file**), and optionally a profile name (**--name**) if one cannot be determined based on the input file. | Oops, I accidentally just encrypted my profiles and I want them back! Not all is lost and profiles can be decrypted back into plaintext using iwd-decrypt-profile, given you remember the password used with systemd-creds. This tool takes an input file (**--infile**), password/secret file (**--pass/--file**), and optionally a profile name (**--name**) if one cannot be determined based on the input file. | ||
- | Note: Depending on how you set up the credentials with systemd-creds your password might have a newline appended. This is due to systemd ultimately storing it in a file and appending a newline character. | + | Note: Depending on how you set up the credentials with systemd-creds your password might have a newline appended. This is due to systemd ultimately storing it in a file and appending a newline character, shown in the example below. |
./tools/iwd-decrypt-profile --infile /var/lib/iwd/MySSID.psk --pass secret123$'\n' | ./tools/iwd-decrypt-profile --infile /var/lib/iwd/MySSID.psk --pass secret123$'\n' |
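Review bot: The example that the note now points to passes the secret with --pass on the command line, which leaves it in shell history and visible in the process list while the tool runs. The paragraph above says the tool also takes a secret file (--pass/--file), so the note should recommend --file for real secrets and present --pass as illustration only. The added clause "shown in the example below" is also ambiguous about what is shown; something like "the example below appends it explicitly with $'\n'" is clearer, and it should mention that $'\n' is bash-style quoting that not every shell supports. If the file form is recommended, the note should also say whether a trailing newline in that file is treated as part of the secret.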