Encrypted Volume and File System v1.1 Administrator's Guide
The syntax for changing the passphrase for a volume owner or authorized user key is as follows:
evfspkey passgen [-u username] [-k keyname]
The syntax for changing the passphrase for a recovery key is as follows:
evfspkey passgen -r recovkey_file
where:
-u username
Specifies the name of the user for the passphrase you want to delete.
If you do not specify this argument, evfsvol uses your user name.
-k keyname
Specifies the name of the key pair that corresponds to the passphrase
you want to change. If you do not specify this option, evfsvol uses
the user name as the key name.
-r recovkey_file
Specifies the name of the file that contains the recovery user's private
key, for example, /tmp/recovery.priv. HP recommends that you
store the recovery user's private key off line and restore only when
needed.
Creating or Changing a Stored Passphrase for an Existing Key
Use the evfspkey passgen command to create or change a stored passphrase for an existing
private key. You must have superuser privileges to create a stored passphrase for a key that you
do not own. If the current passphrase has not been previously stored, the evfspkey command
prompts you for the current passphrase.
EVFS encrypts stored passphrases with system-specific information. A stored passphrase is
usable only on the system on which it was created.
CAUTION: A stored passphrase enables you to use the EVFS autostart feature, but it is a security
risk.
evfspkey passgen –f|–p|–s [-u username] [-k keyname]
where:
-f Causes evfspkey to create a stored passphrase. The evfspkey utility prompts
you for the current passphrase and stores the passphrase in an encrypted file.
-p Causes evfspkey to change the current passphrase and create a stored
passphrase. If the current passphrase is not stored, evfspkey prompts you
for the current passphrase. The evfspkey utility prompts you for a new
passphrase, then stores the new passphrase in an encrypted file. The passphrase
must be at least eight characters.
-s Causes evfspkey to to generate a new passphrase and store it. If the current
passphrase is not stored, evfspkey prompts you for the current passphrase.
The evfspkey utility generates a passphrase for you and stores the passphrase
in an encrypted file.
-u username
Specifies the name of the user for the key pair that corresponds to the
passphrase you want to modify. If you do not specify this argument, evfsvol
uses your user name. You must have superuser or appropriate privileges to
specify a different user.
-k keyname
Specifies the name of the key pair that corresponds to the passphrase you
want to modify. If you do not specify this option, evfsvol uses the user name
as the key name.
88 Administering EVFS