Manualshelf

Encrypted Volume and File System v1.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
141142143144145146147148149150
Preparing EVFS
This section briefly describes the steps in the EVFS preparation procedure. For more information,
refer to Chapter 3 (page 35).
1. At installation, EVFS attempts to create the evfs user account and group for the EVFS
pseudo-user. If you cannot use evfs as the user and group name for the EVFS pseudo-user,
set the evfs_user attribute in the /etc/evfs/evfs.conf file to a different user name.
Create a new group and user account for the EVFS pseudo-user:
# groupadd my_evfs_group
# useradd -g evfs -c "EVFS pseudo-user" \
-d /home/evfs -s /usr/bin/false my_evfs_user
2. (Optional) Configure alternative directories for key storage using the pub_key, priv_key,
and pass_key attribute statements in the file /etc/evfs/evfs.conf.
3. (Optional) Modify EVFS global parameters. Edit the file /etc/evfs/evfs.conf.
4. Start the EVFS subsystem:
# evfsadm start [-n number_threads]
5. Create user key pairs.
a. Create keys for EVFS volume owners:
# evfspkey keygen [-p] [-c cipher] [-u user] [-k keyname]
b. (Optional, but recommended) Create recovery keys:
# evfspkey keygen -c rsa-2048 -r [-k keyname]
EVFS creates the recovery user's private key in the current directory, with the file name
key_name.priv. Store this file off line.
c. (Optional) Create keys for authorized users:
# evfspkey keygen [-p|-s] [-c cipher ] [-u user] [-k keyname]
Configuring EVFS
This section briefly describes the steps in the EVFS procedure. After preparing EVFS, you can
use Option 1 or Option 2 to configure an EVFS volume. For more information about selecting
the appropriate option, see Chapter 4 (page 49).
146 EVFS Quick Reference