« Previous 1 2
Automatic data encryption and decryption with Clevis and Tang
Passing Secrets
Conclusions
Data can be decrypted in a completely automatic process using Clevis and Tang. Clevis relies on Tang, so the data decryption only works if the Tang server is available. Under no circumstances does the actual key cross the wire; instead, it is recalculated during the recovery process. Policies can be defined using the SSS algorithm so that different data encryption and decryption methods are used where necessary.
Infos
- dm-crypt: https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
- LUKS: https://gitlab.com/cryptsetup/cryptsetup
- HashiCorp Vault: https://www.vaultproject.io
- Tang GitHub repository: https://github.com/latchset/tang
- Clevis GitHub repository: https://github.com/latchset/clevis
- Clevis, Tang, and PINs name concept: https://en.wikipedia.org/wiki/Clevis_fastener
- SSS algorithm: https://en.wikipedia.org/wiki/Shamir's_Secret_Sharing
« Previous 1 2
Buy this article as PDF
Express-Checkout as PDF
Price $2.95
(incl. VAT)
(incl. VAT)
Buy ADMIN Magazine
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Topics
12.04 LTS
16 cores
8 cores
AI
AMD
AMD-V
AMI
Active Directory
Administration
Amazon AWS
Amazon CloudFront
Amazon Machine Images
Anaconda
Analytics
Ansible
Apache
Apache Deltacloud
Apache benchmarking tool
ab
acceleration
acquisition
admin tools
agedu
alert
amazon
analysis
analysis
anticipatory
application performance