Encrypted Volume and File System v1.1 Administrator's Guide
4. Restore the public and private key files and any passphrase files with the following name,
owner, group, and permissions:
• Public Key:
— File name: key_storage_directory/user_name/key_name.pub (/etc/evfs/pkey/user_name/key_name.pub if you are using the default key storage directory)
— Owner: the user name for the owner
— Group: sys
— Permissions: Readable and writable by the owner, readable by group, and readable by everyone else (644, or -rw-r--r--)
• Private Key:
— File name: key_storage_directory/user_name/key_name.priv (/etc/evfs/pkey/user_name/key_name.priv if you are using the default key storage directory)
— Owner: the user name for the owner
— Group: sys
— Permissions: Readable and writable by only the owner (600, or -rw-------)
• Passphrase File:
— File name: key_storage_directory/user_name/key_name.pass.nnn (/etc/evfs/pkey/user_name/key_name.pass.nnn if you are using the default key storage directory), where nnn is a number based on system-specific data
— Owner: the user name for the owner
— Group: sys
— Permissions: Readable and writable only by the owner (600, or -rw-------)
After you restore these files, a listing of the files shows output similar to the following:
# ll /etc/evfs/pkey/root
total 32
-rw------- 1 root sys 634 Mar 16 17:26 rootkey2.priv
-rw-r--r-- 1 root sys 344 Mar 16 17:26 rootkey2.pub
-rw-r--r-- 1 root sys 272 Mar 16 17:26 rootkey2.pass.08192003-6e81-11d9-8b9e-b8f2666e6f49
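One way to verify restored files against the owner, group, and permissions listed in step 4, as an added example that is not part of the original guide. The names check_one and check_evfs_keys are hypothetical helpers, not EVFS commands, and the script parses ls -ld output so that it needs no stat command.

```shell
#!/bin/sh
# Added example: audit restored EVFS key files against step 4.
# Usage: check_evfs_keys /etc/evfs/pkey/root root [group]

# check_one FILE MODE OWNER GROUP: return 1 and report on any mismatch.
check_one() {
    f=$1 want_mode=$2 want_owner=$3 want_group=$4
    line=$(ls -ld "$f") || return 1
    # Keep only the 10-character mode string; some ls versions append
    # an ACL or security-context marker after it.
    mode=$(printf '%s\n' "$line" | awk '{print substr($1, 1, 10)}')
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    group=$(printf '%s\n' "$line" | awk '{print $4}')
    if [ "$mode" != "$want_mode" ] || [ "$owner" != "$want_owner" ] ||
       [ "$group" != "$want_group" ]; then
        echo "MISMATCH $f: $mode $owner:$group"
        echo "  expected: $want_mode $want_owner:$want_group"
        return 1
    fi
}

# check_evfs_keys DIR OWNER [GROUP]: 0 = all files match,
# 1 = at least one mismatch, 2 = no key files found.
check_evfs_keys() {
    dir=$1 owner=$2 group=${3:-sys}
    bad=0 seen=0
    for f in "$dir"/*; do
        case $f in
            *.pub)    want=-rw-r--r-- ;;   # 644
            *.priv)   want=-rw------- ;;   # 600
            *.pass.*) want=-rw------- ;;   # 600
            *)        continue ;;
        esac
        [ -f "$f" ] || continue
        seen=$((seen + 1))
        # A symbolic link shows mode lrwxrwxrwx and is reported too.
        check_one "$f" "$want" "$owner" "$group" || bad=$((bad + 1))
    done
    [ "$seen" -gt 0 ] || { echo "no key files found in $dir"; return 2; }
    [ "$bad" -eq 0 ]
}
```

The group argument defaults to sys, as step 4 requires. Run against the sample listing above, the check would report the passphrase file, which the listing shows as -rw-r--r-- rather than the 600 given in step 4.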
Changing Owner Keys for an EVFS Volume
Use the following evfsvol assign command to change the owner or owner key of an EVFS
volume. To execute this command, you must be the current owner of the EVFS volume or have
the private key file for the volume recovery key. (The procedure for creating a recovery key is
described in “Creating Recovery Keys” (page 45). The procedure for adding a recovery key to
an EVFS volume is described in “Step 1d: (Optional) Adding Recovery Keys and authorized user
Keys” (page 53).)
evfsvol assign -u newowner [-r recoveryprivkeyfile] [-k keyname] evfs_volume_path
where:
-u newowner
    Specifies the name of the new owner for the EVFS volume.
-r recoveryprivkeyfile
    Specifies the name of the file containing the private key that corresponds to a recovery user's key in the EMD. If you do not specify this option, you must be the EVFS volume owner to execute this command; evfsvol prompts you for the passphrase for the owner's key.