Encrypted Volume and File System v1.1 Administrator's Guide
Step 3: (Optional) Modifying EVFS Global Parameters
Edit the /etc/evfs/evfs.conf file to modify EVFS global parameters. This step is optional,
and you can use the default attribute values for most installations. Three attributes you might
want to modify are:
• data_cipher
The data_cipher attribute specifies the default data encryption algorithm (the algorithm
EVFS uses to encrypt volume data). You can also specify the data encryption algorithm when
you enter the evfsvol create command, as described in “Step 1: Configuring an EVFS Volume”
(page 51).
Valid values:
aes-128-cbc (128-bit AES CBC)
aes-192-cbc (192-bit AES CBC)
aes-256-cbc (256-bit AES CBC)
A longer key length provides more security, but slows data transfer rates.
Default: aes-128-cbc
• emd_backup
The emd_backup attribute specifies the directory EVFS uses to store backup images of EMD
data.
Default: /etc/evfs/emd
• pbe
The pbe attribute specifies the encryption library EVFS uses to secure EVFS private keys.
On systems with HP-UX Trusted Computing Services (TCS), you can modify this attribute
so that EVFS uses TCS to secure EVFS private keys.
For more information about using TCS with EVFS, see the HP-UX TCS product
documentation.
For a complete list of global parameters, see evfs.conf(4).
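The script below is an added example, not part of the EVFS product or its documentation. It reports the effective data_cipher and emd_backup values for a configuration file, applying the defaults listed above, and rejects a data_cipher value that is not one of the three documented ones. It assumes one "attribute = value" pair per line with "#" comments (confirm the syntax in evfs.conf(4)); the function names evfs_attr and evfs_audit are hypothetical.

```shell
#!/bin/sh
# Added example: audit of the evfs.conf attributes described in this step.
# ASSUMPTION: one "attribute = value" per line and "#" starts a comment.
# evfs_attr and evfs_audit are hypothetical helper names, not EVFS commands.

# Print the last value set for attribute $2 in file $1, or the default $3.
evfs_attr() {
    awk -v want="$2" -v dflt="$3" '
        { sub(/#.*/, "") }                       # drop comments
        {
            eq = index($0, "=")
            if (eq == 0) next                    # not an assignment
            name = substr($0, 1, eq - 1)
            val  = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)    # trim whitespace
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == want) found = val        # last assignment wins
        }
        END { print (found != "" ? found : dflt) }
    ' "$1"
}

# Report effective settings for config file $1.
# Returns 0 if data_cipher is a documented value, 1 if not, 2 if unreadable.
evfs_audit() {
    conf=$1
    [ -r "$conf" ] || { echo "FAIL cannot read $conf"; return 2; }
    cipher=$(evfs_attr "$conf" data_cipher aes-128-cbc)
    backup=$(evfs_attr "$conf" emd_backup /etc/evfs/emd)
    echo "INFO emd_backup=$backup"
    case $cipher in
        aes-128-cbc|aes-192-cbc|aes-256-cbc)
            echo "OK   data_cipher=$cipher" ;;
        *)
            echo "FAIL data_cipher=$cipher is not a documented value"
            return 1 ;;
    esac
}

# Constructed sample (not from a real system): a mistyped cipher name.
sample=$(mktemp)
printf '%s\n' '# EVFS global parameters' 'data_cipher = aes-256-cbcc' > "$sample"
evfs_audit "$sample" || true
rm -f "$sample"
```

To audit a live system, call evfs_audit /etc/evfs/evfs.conf after editing the file and before creating volumes that rely on the default cipher.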