Swif enables administrators to retrieve and securely store Linux device encryption recovery keys. This ensures that encrypted devices can be accessed and managed securely, even in scenarios requiring recovery. Follow the steps below to configure and manage Linux encryption policies with recovery key management.
Steps to Retrieve Encryption Keys
1. Create a Linux Encryption Policy
Log in to the Swif Admin Dashboard.
Navigate to Device Management > Policies and create a new Linux Encryption Policy.
Include the Force Passphrase field in the policy configuration. This field ensures the Swif agent enforces passphrase usage on the device.
2. Swif Agent Validation
The Swif agent will check the MDM database for the device's associated passphrase:
If a passphrase exists: The Swif agent validates it to ensure it is correct and can decrypt the device.
If no passphrase exists or it is invalid: The Swif Desktop App will prompt the user to provide an active passphrase.
3. User Interaction
If the Swif Desktop App opens:
The user will be asked to enter the current valid passphrase for the device.
The Swif agent will:
4. Recovery Header File Creation
After a valid passphrase is created:
If there is any issue with the recovery header file, the agent will generate a one-time recovery header file.
The recovery header file will be sent to the MDM server, which will upload it to S3 for secure storage.
The MDM server will send the passphrase and the recovery header URL to the ST-API for device management purposes.
5. Daily Passphrase Validation
The Swif agent performs a daily check to validate the passphrase stored in the MDM database. This ensures that the stored passphrase remains correct and operational.
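An administrator can independently check the same two things the steps above rely on: that a passphrase unlocks the device, and that a header backup exists and accepts that passphrase. The sketch below is an added example, not Swif agent code. It assumes the device is encrypted with LUKS and managed with cryptsetup, which this page does not state; the function names and return codes are hypothetical.

```shell
#!/bin/sh
# Added example, not Swif agent code. Assumes LUKS + cryptsetup (an assumption,
# not stated on the page). Function names are hypothetical. Run as root.
#
# Return codes: 0 ok, 1 cryptsetup refused (wrong passphrase / backup failed),
#               2 target missing or not LUKS, 3 cryptsetup not installed,
#               4 output file already exists.

# verify_passphrase TARGET   (passphrase on stdin, never on the command line)
# TARGET may be the encrypted block device or a header backup file.
verify_passphrase() {
    target=$1
    [ -e "$target" ] || return 2
    command -v cryptsetup >/dev/null 2>&1 || return 3
    cryptsetup isLuks "$target" || return 2
    # --test-passphrase tries the keyslots without mapping the volume;
    # cryptsetup reads the passphrase from stdin when it is not a terminal.
    cryptsetup open --test-passphrase "$target" || return 1
    return 0
}

# backup_header DEVICE OUTFILE
backup_header() {
    device=$1 out=$2
    [ ! -e "$out" ] || return 4          # never overwrite an earlier backup
    [ -e "$device" ] || return 2
    command -v cryptsetup >/dev/null 2>&1 || return 3
    cryptsetup isLuks "$device" || return 2
    (
        umask 077                        # header contains keyslots: owner-only
        cryptsetup luksHeaderBackup "$device" --header-backup-file "$out"
    ) || return 1
    sha256sum "$out"                     # digest to record next to the upload
}

# Usage (paths are placeholders):
#   printf '%s\n' "$PASSPHRASE" | verify_passphrase /dev/DEVICE
#   backup_header /dev/DEVICE /root/header.img
#   printf '%s\n' "$PASSPHRASE" | verify_passphrase /root/header.img
```

Run `verify_passphrase` against the header file as well as the device: a header backup taken before a passphrase change holds the old keyslots and will reject the current passphrase.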
Viewing Recovery Keys in Swif
Once the process is complete, you can view the recovery key and the recovery header file link in the Swif Admin Dashboard:
Navigate to Device Details > Security for the specific device.
Here, you will find:
Benefits of Managing Encryption Recovery Keys with Swif
Data Security: Ensures encrypted devices remain secure with enforced passphrase policies.
Recovery Assurance: Simplifies recovery in case of data corruption or key loss.
Centralized Management: Admins can access recovery keys and header files directly from the Swif platform.
For additional support or questions about managing Linux encryption recovery keys, contact Swif Support at support@swif.ai.