Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
An app for allowing users to enable FileVault 2 and safely escrow the Recovery Key with an instance of Crypt-Server.
Python Objective-C Shell Perl
branch: master

Merge pull request #21 from arubdesu/feature--autofill-username

Feature: autofill username, GUI tweaks
latest commit d12157c58d
Graham Gilbert authored

README.mdown

Crypt

Crypt is a system for centrally storing FileVault 2 recovery keys. It is made up of a client app, and a Django web app for storing the keys. You will also need to download and install the webapp.

Changes in this version

  • 10.7 is no longer supported.
  • Improved logging on errors.
  • Improved user feedback during long operations (such as enabling FileVault).

Client

The client is written in Pyobjc, and makes use of the built in fdesetup on OS X 10.8 and higher. An example login hook is provided to see how this could be implemented in your organisation.

Features

  • If escrow fails for some reason, the recovery key is stored on disk and a Launch Daemon will attempt to escrow the key periodically.
  • If the app cannot contact the server, it can optionally quit.
  • If FileVault is already enabled, the app will quit.

Screenshot

Crypt Screenshot

Installation

Configuration

sudo defaults write /Library/Preferences/FVServer ServerURL "http://yourserver.com"

To disable the network check (for example, in environments when the network isn't available until the user has authenticated): sudo defaults write /Library/Preferences/FVServer NetworkCheck -bool NO

fdesetup, the binary Crypt uses to enable FileVault needs to be run as root. You will need to devise your own way of running this, whether it is via a LaunchDaemon or a LoginHook.

Acknowledgements

Many thanks to my lovely employers at pebble.it for letting me release this, and thanks to Greg Neagle and the other contributors at Munki for having code that I could borrow.

Something went wrong with that request. Please try again.