User Tools

Site Tools


profile_encryption

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Last revision Both sides next revision
profile_encryption [2022/03/10 18:22]
James Prestwood
profile_encryption [2022/03/10 18:28]
James Prestwood [Setup (IWD)]
Line 7: Line 7:
  
 ==== Setup (systemd) ==== ==== Setup (systemd) ====
-First, systemd must be set up to pass a secret credential to IWD. This can be done one of two ways using either **SetCredentialEncrypted** or **LoadCredentialEncrypted**. ​This can be done using new systemd ​utility, [[https://​www.freedesktop.org/​software/​systemd/​man/​systemd-creds.html|systemd-creds]].+First, systemd must be set up to pass a secret credential to IWD. The secret ​can be set one of two ways using either **SetCredentialEncrypted** or **LoadCredentialEncrypted**. ​Systemd provides ​a utility ​for this, [[https://​www.freedesktop.org/​software/​systemd/​man/​systemd-creds.html|systemd-creds]].
  
 This simplest way is to follow Example 2 in the documentation for systemd-creds and invoke something like: This simplest way is to follow Example 2 in the documentation for systemd-creds and invoke something like:
Line 25: Line 25:
  
 ==== Setup (IWD) ==== ==== Setup (IWD) ====
-A new main.conf option was added, **SystemdEncrypt**,​ who's value is the identifier used with systemd-creds. In this case '​iwd-secret'​+A new main.conf option was added, **SystemdEncrypt**,​ who's value is the identifier used with systemd-creds. In this case '**iwd-secret**'
  
     # file: main.conf     # file: main.conf
Line 35: Line 35:
 Oops, I accidentally just encrypted my profiles and I want them back! Not all is lost and profiles can be decrypted back into plaintext using iwd-decrypt-profile,​ given you remember the password used with systemd-creds. This tool takes an input file (**--infile**),​ password/​secret file (**--pass/​--file**),​ and optionally a profile name (**--name**) if one cannot be determined based on the input file. Oops, I accidentally just encrypted my profiles and I want them back! Not all is lost and profiles can be decrypted back into plaintext using iwd-decrypt-profile,​ given you remember the password used with systemd-creds. This tool takes an input file (**--infile**),​ password/​secret file (**--pass/​--file**),​ and optionally a profile name (**--name**) if one cannot be determined based on the input file.
  
-Note: Depending on how you set up the credentials with systemd-creds your password might have a newline appended. This is due to systemd ultimately storing it in a file and appending a newline character.+Note: Depending on how you set up the credentials with systemd-creds your password might have a newline appended. This is due to systemd ultimately storing it in a file and appending a newline character, shown in the example below.
  
     ./​tools/​iwd-decrypt-profile --infile /​var/​lib/​iwd/​MySSID.psk --pass secret123$'​\n'​     ./​tools/​iwd-decrypt-profile --infile /​var/​lib/​iwd/​MySSID.psk --pass secret123$'​\n'​
profile_encryption.txt ยท Last modified: 2022/03/11 16:35 by James Prestwood