Install "mandos" package on a server that will distribute encrypted keys
apt-get install mandos
Install "mandos-client" package on clients, which will contact mandos server to retrieve keys to decrypt local FS
apt-get install mandos-client
On client machine:
generate key using "mandos-keygen --password" command
debian:~# mandos-keygen --password
Enter passphrase:
Repeat passphrase:
[debian.local]
host = debian.local
fingerprint = C745DFC8B88B858AB3752A614CAF3D713EC035B5
secret =
hQIOA//X7BxAFgg4EAf/ZOQxCHpyx3P0+adJYBEg6bUMjnaKOzFSdpNEoVJAbaQg
u38RhbmOlAZ/KLq4mlsh7Kj5mk4izUF79HmpxalNUg4K0Kli5UgNUI9x8siauUHo
o7YckA+83u+Z5G04qm+NZ7wzB6U0n8f8ajsqDDFndMlvi8c6gepSUzlmsQDhGcqY
Y+QH4I6AUMKTd6+2sodmCl+v8O1XpKKypCahMCBD+nHkBeXNN94EzFU2oWVISUW3
wogXdlXnQlo5zbHrAHAHlcPOwkI52C79LEW+H93xqe41IKrSmZHwo6W5/Ml7GUPF
UaSZDhnssiaoL2V0UXvVJRDPa+k6od7uEVHUDM2fcwgAh7T4kOlYjZU3ZazfKgnp
gz9PqQu8iReMGOqcJos05Xlcay2Ebf2Mt+t5WHv22aXiJ3vvjJZighpPcn2idHQz
eQrdR5zEimpGW5jBzlygo8Gks34fQzRQp/CFSg9kytcfs2hSglULKO9Rw5aSqstl
yMWNJFNp2SQ4SD0ray6wkBAUaIQ98lX3CtsyQZjsAlXYApziHQygqx23xAJdZIDf
oGCmcmu1PcmteIyuW7aiDd3rahJhpnpc5petKEoYbEfLixZY0olINI+pTrb/9xOC
FhvgNL4ErZFOWIgvtO73EKJ0+Zwf7edwNueuRGmTs8kEpRZoBYa2ls3hKdxewVI/
e9KwAf3cQYnuAOZQsT3tC3IVRoN+TxdQizIMVOt3/em6LDpCXx0bUPmt7rxd7xwU
xFViM4m/xpmaHmDgq3NC96MOLJZngpcW9Sdan3XvGJJFVBOngapTMB3H9WZAj/Mn
w7FzNtvWmzBhn3o6d1XQgJUCy+iTooqrRONLakuCn4xJoaRTL7QROCEejDYRNlLt
ful4+IpV8x53NkhnIGIc9gNpZKnwuQAoxh5gafPra8rgOHw=
debian:~#
On server machine:
Paste the output of the above command in server's /etc/mandos/clients.conf file