Encrypted Volume and File System v1.1 Administrator's Guide
rsa-2048 (RSA 2048-bit keys)
Default: rsa-1536
-u user Specifies the user name of the key owner. If you do not specify -u user,
evfspkey uses your user name as the key owner. You must have superuser
privileges or the appropriate privileges to create a key pair for another user.
-k keyname Specifies the key name. If you do not specify -k keyname, evfspkey uses the
user name as the key name.
Valid value: An ASCII string, 1 to 255 characters long.
NOTE: Do not use the -s option when creating a key pair for an EVFS volume owner. The -s
option does not prompt for a passphrase. It automatically generates the passphrase, so there is
no way for you to know the passphrase. You must know the owner key's passphrase when
creating an EVFS volume.
Example
In the following example, the root user creates a key with the key name rootkey1:
# evfspkey keygen -k rootkey1
Enter passphrase:(enter a passphrase)
Re-enter passphrase:(re-enter the passphrase to confirm it)
Public/Private key pair "root.rootkey1" has been successfully generated.
(The evfspkey utility shows the key ID, which is the owner name, root,
and the key name, rootkey1.)
Creating Recovery Keys
Creating recovery keys is optional, but HP recommends that you create at least one recovery
key pair.
Use the following evfspkey keygen command to create a public/private key pair for the
recovery user. The evfspkey utility will prompt you for a passphrase to secure the private key.
The passphrase must contain at least eight characters.
You must have superuser privileges or the appropriate privileges to create a key for the recovery
user.
evfspkey keygen -c rsa-2048 -r [-k keyname]
where:
-r Specifies that the key pair created is a recovery key pair.
-k keyname Key name. If you do not specify -k keyname, evfspkey uses the EVFS
pseudo-user name (evfs) as the key name.
Valid value: An ASCII string, 1 to 255 characters long.
Storing the Recovery User's Private Key
When you create the key pair for the recovery user, evfspkey saves the private key in the current
working directory with the file name key_name.priv, or evfs.priv by default. Store this
private key off line. Copy the private key to removable media, and delete the private key on the
local system.
Examples
In the following example, the user creates a recovery key. The evfspkey utility saves the private
key in the current directory with the file name evfs.priv. Store this file off line.
# evfspkey keygen -c rsa-2048 -r
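The copy-then-delete step described under "Storing the Recovery User's Private Key" can be scripted so that the local key is removed only after the copy on removable media has been verified. This is an added example, not part of the HP guide; the function name archive_recovery_key and the media mount point are assumptions.

```shell
#!/bin/sh
# Added example (not from the HP guide). Moves an EVFS recovery private key
# (key_name.priv, or evfs.priv by default) to removable media.
# The function name and the media directory are assumptions.

# archive_recovery_key KEYFILE MEDIA_DIR
# Returns 0 on success. On any failure the local key file is left in place.
archive_recovery_key() {
    keyfile=$1
    media=$2
    dest="$media/$(basename "$keyfile")"

    [ -f "$keyfile" ] || { echo "no such key file: $keyfile" >&2; return 1; }
    [ -d "$media" ] && [ -w "$media" ] || { echo "media not writable: $media" >&2; return 2; }
    # Never overwrite a key that is already on the media.
    [ ! -e "$dest" ] || { echo "refusing to overwrite $dest" >&2; return 3; }

    # Create the copy with owner-only permissions from the start.
    ( umask 077; cp "$keyfile" "$dest" ) || { rm -f "$dest"; return 4; }

    # Byte-for-byte comparison before the local copy is touched.
    if ! cmp -s "$keyfile" "$dest"; then
        echo "verification failed, local key kept" >&2
        rm -f "$dest"
        return 5
    fi

    chmod 400 "$dest"
    # rm removes the directory entry only; it does not overwrite the blocks.
    rm -f "$keyfile" || return 6
    return 0
}

# Stand-alone use: sh script.sh ./evfs.priv /mnt/removable  (path is hypothetical)
if [ "$#" -eq 2 ]; then
    archive_recovery_key "$1" "$2"
fi
```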
Step 5: Creating User Key Pairs 45