Cauliflower Vest is a recovery key escrow solution. The project started with end-to-end Mac OS X FileVault 2 support, and later added support for BitLocker (Windows), LUKS (Linux), and Duplicity. The goal of this project is to streamline cross-platform enterprise management of disk encryption technologies.
Cauliflower Vest offers the ability to:
- Forcefully enable FileVault 2 encryption.
- Automatically escrow recovery keys to a secure Google App Engine server.
- Delegate secure access to recovery keys so that volumes may be unlocked or reverted.
- Sync BitLocker recovery keys from Active Directory.
Components:
- A Google App Engine based service which receives and securely escrows recovery keys.
- A GUI client running on users' OS X machines, which enables FileVault 2 encryption, obtains the recovery key, and sends it to the escrow service.
- A CLI tool, csfde, which activates FileVault 2 encryption on OS X 10.7 Lion and may be used independently of the GUI client.
- A CLI tool which runs on Linux, for use with LUKS and Duplicity.
- A script to sync BitLocker recovery keys from Active Directory.
Full source is available for all components.
To get started, begin with the Introduction wiki page.
Please search, join, and/or email the discussion list with questions at cauliflowervest-discuss@googlegroups.com. To reach only engineers on the project, email cauliflowervest-eng@googlegroups.com.
Thanks to Dorothy Marczak for the logo.