-
Notifications
You must be signed in to change notification settings - Fork 48
Rotating or Generating New Keys
Crypt can easily rotate or generate new recovery keys of already encrypted machines. To do so you need to first make sure that crypt is properly installed, and make sure all three of the following are set to the following values. For more info on these keys, they are located on the Prefences page. All that is left to do is restart and log-in. If you are experiencing issues, please check the authorized plugin logs for clues before asking for help.
<key>RemovePlist</key>
<false/>
<key>RotateUsedKey</key>
<true/>
<key>ValidateKey</key>
<true/>The above will only generate a new key during login if there is not already a key at the location set by the OutputPath preference.
As of version 3.1.0 you can now rotate/generate a new key during login by setting the GenerateNewKey Preference to a boolean of True, it will be set back to False after a successful rotation, NOTE: Using this method via a Profile will be ignored as you probably don't want to Rotate the key every time someone logs in or reboots.