Cauliflower Vest is a recovery key escrow solution. The project initially started with end-to-end Mac OS X FileVault 2 support, and later added support for BitLocker (Windows), LUKS (Linux), and Duplicity. The goal of this project is to streamline cross-platform enterprise management of disk encryption technologies.
Cauliflower Vest offers the ability to:
- Forcefully enable FileVault 2 encryption.
- Automatically escrow recovery keys to a secure Google App Engine server.
- Delegate secure access to recovery keys so that volumes may be unlocked or reverted.
- Sync BitLocker recovery keys from Active Directory.
Components:
- A Google App Engine based service which receives and securely escrows recovery keys.
- A GUI client running on OS X user machines, which enables FileVault 2 encryption, obtains the recovery key, and sends it to the escrow service.
- A CLI tool, csfde, which activates FileVault 2 encryption on OS X 10.7 Lion and may be used independently of the GUI client.
- A CLI tool which runs on Linux, for use with LUKS and Duplicity.
- A script to sync BitLocker recovery keys from Active Directory to Clipper.
Full source is available for all components.
To get started, begin with the Introduction wiki page.
The Cauliflower Vest engineering team will host office hours every other Monday from 11am to 1pm Eastern Time. Office hours are available as a video conference via Google+ Hangout, or on the IRC network freenode. Using a webcam for the hangout is optional.
Next office hours are Mon Dec 15, 11am-1pm US/Eastern.
Join the Google+ Hangout here (new URL for each session): ...
We will simultaneously be present on freenode in:
#google-corpeng
Feel free to join and/or email the discussion list with questions at [email protected]. To reach only engineers on the project, email [email protected].
Thanks to [Dorothy Marczak](https://plus.google.com/106286115972636321533/about) for the logo.