Encrypted Volume and File System v1.1 Administrator's Guide

In the following example, the user creates a second recovery key. The evfspkey utility saves
the private key in the current directory with the file name evfs2.priv. Store this file offline.
# evfspkey keygen -c rsa-2048 -r -k evfs2
Creating Keys for Authorized Users
Creating keys for authorized users is optional. A user with an authorized user key can enable
and disable encryption and decryption access to an EVFS volume, but cannot change the EVFS
volume owner, destroy a volume, or add and delete keys to a volume.
Use the following evfspkey keygen command to create key pairs for authorized users:
evfspkey keygen [-p|-s] [-c cipher] [-u user] [-k keyname]
where:
-p          Causes evfspkey to prompt you for a passphrase and store the
            passphrase in an encrypted file. The passphrase must contain at
            least eight characters.
            CAUTION: A stored passphrase enables you to use the EVFS autostart
            feature, but it is a security risk.
-s          Causes evfspkey to generate a passphrase automatically and store
            the passphrase in an encrypted file.
-c cipher   Specifies the type of public/private (cipher) keys to create.
            Valid values:
              rsa-1024 (RSA 1024-bit keys)
              rsa-1536 (RSA 1536-bit keys)
              rsa-2048 (RSA 2048-bit keys)
            Default: rsa-1536
-u user     Specifies the user name of the key owner. If you do not specify
            -u user, evfspkey uses your user name as the key owner. You must
            have superuser capability or the appropriate privileges to create
            a key pair for another user.
-k keyname  Specifies the key name. If you do not specify -k keyname, evfspkey
            uses the user name as the key name.
            Valid value: An ASCII string, 1 to 255 characters long.
Examples
In the following example, the root user creates a key for the user init with the key name
initkey. The key will be used for the autostart feature. The evfspkey utility generates a
passphrase and stores the passphrase.
# evfspkey keygen -s -u init -k initkey
Public/Private key pair "init.initkey" has been successfully generated.
In the following example, the root user creates a key for the user mittal-musa. The key name
is also mittal-musa.
# evfspkey keygen -u mittal-musa
Enter passphrase:(enter a passphrase)
Re-enter passphrase:(re-enter the passphrase to confirm it)
Public/Private key pair "mittal-musa.mittal-musa" has been
successfully generated.
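The following shell function is an added example, not part of this guide or of EVFS. It checks a requested key against the constraints documented above (the [-p|-s] choice, the valid cipher values, the 255-character keyname limit) and prints the evfspkey keygen command line without running it. Requiring rsa-2048, restricting names to [A-Za-z0-9._-], and the function name evfs_keygen_cmd are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate arguments, then print (not run) an evfspkey keygen
# command line. Option letters and cipher names are the ones documented above.
# usage: evfs_keygen_cmd MODE CIPHER USER KEYNAME   (USER/KEYNAME may be "")
# The body is a subshell, so "exit" only leaves the function.
evfs_keygen_cmd() (
    LC_ALL=C; export LC_ALL      # byte-wise lengths, ASCII-only ranges
    mode=$1 cipher=$2 user=$3 keyname=$4

    case $mode in
        none)  set -- ;;         # no -p/-s: prompt, as in the mittal-musa example
        -p|-s) set -- "$mode"
               echo "warning: $mode stores the passphrase (autostart use)" >&2 ;;
        *)     echo "error: MODE must be none, -p or -s" >&2; exit 2 ;;
    esac

    case $cipher in
        rsa-2048) ;;
        rsa-1024|rsa-1536)       # documented values, rejected by assumed site policy
            echo "error: $cipher is below the site minimum rsa-2048" >&2; exit 3 ;;
        *)  echo "error: $cipher is not a documented cipher" >&2; exit 2 ;;
    esac
    set -- "$@" -c "$cipher"     # always explicit: the default is rsa-1536

    for pair in "-u:$user" "-k:$keyname"; do
        opt=${pair%%:*} val=${pair#*:}
        [ -z "$val" ] && continue    # omitted: evfspkey falls back to the user name
        case $val in                 # stricter than "ASCII string" (assumption)
            -*|*[!A-Za-z0-9._-]*)
                echo "error: $opt value must match [A-Za-z0-9._-]" >&2; exit 4 ;;
        esac
        # 255 is the documented keyname limit; applied to the user name too
        [ "${#val}" -le 255 ] || { echo "error: $opt value too long" >&2; exit 4; }
        set -- "$@" "$opt" "$val"
    done
    echo "evfspkey keygen $*"
)

# Constructed demo input: the autostart key from the example above.
evfs_keygen_cmd -s rsa-2048 init initkey
```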