Encrypted Volume and File System v1.1 Administrator's Guide

-p

Specifies non-interactive mode. EVFS uses the key ID from the

/etc/evfs/evfstab file and uses a stored passphrase. To use this

option, you must add a key ID to the entry in the

/etc/evfs/evfstab file for this volume and have a stored

passphrase for the private key. If you do not specify this option,

evfsvol prompts you for the passphrase for the private key.

-k keyname

Specifies the name of the key pair to use. This must be the owner key

or the key of an authorized user for this EVFS volume. If you do not

specify -k keyname, evfsvol uses your user name as the key name.

evfs_volume_path

Specifies the absolute pathname for the EVFS volume device file, such

as /dev/evfs/vg01/lvol5, /dev/evfs/vx/dsk/rootdg/vol05,

or /dev/evfs/rdsk/c2t0d1.

To enable the EVFS volume, the evfsvol utility:

• Retrieves the passphrase for the owner or authorized user's private key by prompting the

user for the passphrase or by using system data to decrypt the stored passphrase.

• Uses the passphrase to decrypt the owner or authorized user's private key.

• Uses the private key to decrypt the volume encryption key in the appropriate key record.

EVFS can now use the volume encryption key to encrypt and decrypt the volume data.

Example

The root user enters the following command to enable the EVFS volume:

# evfsvol enable -k rootkey1 /dev/evfs/vg01/lvol5

Enter user passphrase:

(Enter the passphrase for the key rootkey1.)

Encrypted volume "/dev/evfs/vg01/lvol5" has been successfully enabled.

Option 1: Creating a New EVFS Volume 55