Skip to content
/ Crypt-Server Public
forked from grahamgilbert/Crypt-Server

A Django webapp to escrow filevault keys sent by the Crypt client app.

License

Apache-2.0 license
0 stars 43 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

arubdesu/Crypt-Server

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

114 Commits

docker

docker

 
 

docs

docs

 
 

functional_tests

functional_tests

 
 

fvserver

fvserver

 
 

server

server

 
 

setup

setup

 
 

site_static

site_static

 
 

static

static

 
 

templates

templates

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

NOTICE

NOTICE

 
 

README.md

README.md

 
 

crypt.wsgi

crypt.wsgi

 
 

docker.sh

docker.sh

 
 

generate_keyczart.py

generate_keyczart.py

 
 

manage.py

manage.py

 
 

smtp.sh

smtp.sh

 
 

Repository files navigation

Crypt-Server

Crypt is a system for centrally storing FileVault 2 recovery keys. It is made up of a client app, and a Django web app for storing the keys.

This Docker image contains the fully configured Crypt Django web app. A default admin user has been preconfigured, use admin/password to login. If you intend on using the server for anything semi-serious it is a good idea to change the password or add a new admin user and delete the default one.

Changes in this version

  • 10.7 is no longer supported.
  • Improved logging on errors.
  • Improved user feedback during long operations (such as enabling FileVault).

Client

The client is written in Pyobjc, and makes use of the built in fdesetup on OS X 10.8 and higher. An example login hook is provided to see how this could be implemented in your organisation.

Features

  • If escrow fails for some reason, the recovery key is stored on disk and a Launch Daemon will attempt to escrow the key periodically.
  • If the app cannot contact the server, it can optionally quit.
  • If FileVault is already enabled, the app will quit.

##Installation instructions It is recommended that you use Docker to run this, but if you wish to run directly on a host, installation instructions are over on the in the docs directory

##Settings

  • SEND_EMAIL - Crypt Server can send email notifcations when secrets are requested and approved. Set SEND_EMAIL to True, and set HOST_NAME to your server's host and URL scheme (e.g. https://crypt.example.com). For configuring your email settings, see the Django documentation.

  • APPROVE_OWN - By default, users with approval permissons can approve their own key requests. By setting this to False in settings.py (or by using the DOCKER_CRYPT_APPROVE_OWN environment variable with Docker), users cannot approve their own requests.

  • ALL_APPROVE - By default, users need to be explicitly given approval permissions to approve key retrieval requests. By setting this to True in settings.py (or by using the DOCKER_CRYPT_ALL_APPROVE environment variable with Docker), all users are given this permission when they log in.

##New features in latest release

  • Records Bonjour Name of Macs submitting keys
  • Introduces the can_approve permission - users must have this permission to authorise key retrieval
  • Key retrievals are logged

##Todo

  • Email user when their request is approved or denied
  • Move 7 day allowance into settings.py so it can be changed

##Screenshots Main Page: Crypt Main Page

User Computer Info: User computer info

Admin Computer Info: Admin computer info

User Key Request: Userkey request

Manage Requests: Manage Requests

Approve Request: Approve Request

Key Retrieval: Key Retrieval

About

A Django webapp to escrow filevault keys sent by the Crypt client app.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages

  • JavaScript 82.5%
  • Python 9.8%
  • HTML 3.5%
  • CSS 3.2%
  • Other 1.0%