Elliot Jordan edited this page Aug 10, 2023 · 4 revisions

For machines that DON'T have FileVault enabled.

  1. Download the latest release.
  2. Set the ServerURL Preference for your instance of Crypt-Server.
  3. Install the release for your macOS version.
  4. Restart the computer and log in as the user you would like to enable encryption with.
  5. That's it! If you are on an APFS system, FileVault should be encrypting. If not, you'll be prompted to reboot for encryption to begin.

For machines with FileVault already enabled.

You can have Crypt make new recovery keys for machines with FileVault already enabled.

  1. Download the latest release.
  2. Set the ServerURL Preference for your instance of Crypt-Server.
  3. Set all the Preferences mentioned here.
  4. Restart the machine and log in.
  5. Crypt should make a new key and escrow it to your Crypt server.

For machines that escrow to MDM.

Even if you're not escrowing FileVault keys to a Crypt server, you can still use the Crypt agent to regenerate keys and escrow to your MDM server.

  1. Download the latest release.

  2. Set the GenerateNewKey Preference:

     sudo defaults write /Library/Preferences/com.grahamgilbert.crypt.plist GenerateNewKey -bool true
    
  3. Restart the machine and log in.

  4. Crypt should make a new key and escrow it to your MDM. (This happens in the SecurityInfo MDM response, paired with the inventory collection process for many MDMs.)
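
A preflight check for the preferences set in the procedures above, run before the restart step. It is an added example, not part of Crypt or this wiki. The function names, the `--live` switch and the `server`/`mdm` mode names are assumptions of this example, and treating a non-https ServerURL as a failure is this example's policy rather than a Crypt requirement.

```shell
#!/bin/sh
# Added example (not from the Crypt project): check Crypt preferences before restarting.
PLIST=/Library/Preferences/com.grahamgilbert.crypt.plist   # path used on this page

# crypt_preflight MODE SERVER_URL GENERATE_NEW_KEY   (hypothetical helper)
#   MODE "server": keys are escrowed to Crypt-Server, so ServerURL must be set.
#   MODE "mdm":    keys are escrowed to MDM, so GenerateNewKey must be true.
# Prints one line per finding and returns the number of findings (0 = ready).
crypt_preflight() {
    mode=$1 url=$2 newkey=$3 findings=0
    case "$mode" in
        server)
            case "$url" in
                "")
                    echo "FAIL: ServerURL is not set"; findings=$((findings + 1)) ;;
                https://?*)
                    : ;;  # an https URL with something after the scheme
                *)
                    # Policy of this example: the recovery key should not travel without TLS.
                    echo "FAIL: ServerURL is not https: $url"; findings=$((findings + 1)) ;;
            esac ;;
        mdm)
            # "defaults read" prints a boolean true as 1
            [ "$newkey" = "1" ] || { echo "FAIL: GenerateNewKey is not true"; findings=$((findings + 1)); } ;;
        *)
            echo "FAIL: unknown mode: $mode"; findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# read_pref KEY: prints the value, or nothing if the key (or the defaults tool) is missing.
read_pref() {
    defaults read "$PLIST" "$1" 2>/dev/null || true
}

if [ "${1:-}" = "--live" ]; then
    # Read the real preferences on this Mac; the second argument picks the mode.
    crypt_preflight "${2:-server}" "$(read_pref ServerURL)" "$(read_pref GenerateNewKey)" \
        && echo "OK: preferences look ready; restart and log in"
else
    # Constructed sample values, so the check also runs off a Mac.
    crypt_preflight server "https://crypt.example.com" "" && echo "OK (constructed sample)"
fi
```

Run it with `--live server` or `--live mdm` on the Mac being prepared; a non-zero exit status is the number of findings.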

NOTE: If you don't intend to use the advanced features of Crypt or escrow to a Crypt server, you may want to check out Escrow Buddy.

Helpful tips

  • Force a check-in: sudo /Library/Crypt/checkin