profile_encryption
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
profile_encryption [2022/03/10 18:21] James Prestwood |
profile_encryption [2022/03/11 16:35] (current) James Prestwood [Setup (IWD)] |
||
|---|---|---|---|
| Line 7: | Line 7: | ||
| ==== Setup (systemd) ==== | ==== Setup (systemd) ==== | ||
| - | First, systemd must be set up to pass a secret credential to IWD. This can be done one of two ways using either **SetCredentialEncrypted** or **LoadCredentialEncrypted**. This can be done using a new systemd utility, [[https://www.freedesktop.org/software/systemd/man/systemd-creds.html|systemd-creds]]. | + | First, systemd must be set up to pass a secret credential to IWD. The secret can be set one of two ways using either **SetCredentialEncrypted** or **LoadCredentialEncrypted**. Systemd provides a utility for this, [[https://www.freedesktop.org/software/systemd/man/systemd-creds.html|systemd-creds]]. |
| This simplest way is to follow Example 2 in the documentation for systemd-creds and invoke something like: | This simplest way is to follow Example 2 in the documentation for systemd-creds and invoke something like: | ||
| Line 25: | Line 25: | ||
| ==== Setup (IWD) ==== | ==== Setup (IWD) ==== | ||
| - | A new main.conf option was added, **SystemdEncrypt**, who's value is the identifier used with systemd-creds. In this case 'iwd-secret' | + | A new main.conf option was added, **SystemdEncrypt**, who's value is the identifier used with systemd-creds. In this case '**iwd-secret**' |
| # file: main.conf | # file: main.conf | ||
| + | [General] | ||
| SystemdEncrypt=iwd-secret | SystemdEncrypt=iwd-secret | ||
| Line 33: | Line 34: | ||
| ==== Decrypting Profiles ==== | ==== Decrypting Profiles ==== | ||
| - | Oops, I accidentally just encrypted my profiles and I want them back! Not all is lost and profiles can be decrypted back into plaintext using iwd-decrypt-profile, given you remember the password used with systemd-creds. This tool takes an input file (--infile), password/secret file (--pass/--file), and optionally a profile name (--name) if one cannot be determined based on the input file. | + | Oops, I accidentally just encrypted my profiles and I want them back! Not all is lost and profiles can be decrypted back into plaintext using iwd-decrypt-profile, given you remember the password used with systemd-creds. This tool takes an input file (**--infile**), password/secret file (**--pass/--file**), and optionally a profile name (**--name**) if one cannot be determined based on the input file. |
| - | Note: Depending on how you set up the credentials with systemd-creds your password might have a newline appended. This is due to systemd ultimately storing it in a file and appending a newline character. | + | Note: Depending on how you set up the credentials with systemd-creds your password might have a newline appended. This is due to systemd ultimately storing it in a file and appending a newline character, shown in the example below. |
| ./tools/iwd-decrypt-profile --infile /var/lib/iwd/MySSID.psk --pass secret123$'\n' | ./tools/iwd-decrypt-profile --infile /var/lib/iwd/MySSID.psk --pass secret123$'\n' | ||
profile_encryption.1646936511.txt.gz ยท Last modified: 2022/03/10 18:21 by James Prestwood
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
