-
Notifications
You must be signed in to change notification settings - Fork 48
Rotating or Generating New Keys
Crypt can easily rotate or generate new recovery keys of already encrypted machines. To do so you need to first make sure that crypt is properly installed, and make sure all three of the following are set to the following values. For more info on these keys, they are located on the Prefences page. All that is left to do is restart and log-in. If you are experiencing issues, please check the authorized plugin logs for clues before asking for help.
<key>RemovePlist</key>
<false/>
<key>RotateUsedKey</key>
<true/>
<key>ValidateKey</key>
<true/>As of version 3.1.0 you can now rotate/generate a new key by setting the GenerateKey Preference to a boolean of True, it will be set back to False after a successful rotation, NOTE: Using this method via a Profile will be ignored as you probably don't want to Rotate the key every time someone logs in or reboots.
The above will only generate a new key if there is not already a key at the location set by the OutputPath preference.