Manualshelf

Encrypted Volume and File System v1.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
919293949596979899100
/etc/evfs/evfs.conf file. Using the default key storage directory, the key file names
are:
Public Key /etc/evfs/pkey/user_name/key_name.pub, where user_name is
the key owner's name and key_name is the key name.
Private Key /etc/evfs/pkey/user_name/key_name.priv, where user_name
is the key owner's name and key_name is the key name.
3. For data consistency, stop all applications accessing the data. You can use the fuser -cu
command to determine the processes accessing files, and the fuser -cku command to
terminate the processes. See fuser(1M) for more information.
If the data is used by system processes, you might need to terminate the processes by
changing the system runlevel to single-user level with the shutdown utility. See shutdown(1M)
for more information.
4. Create a cleartext backup copy of the data or copy the cleartext data from the EVFS volume
to another disk device using a utility such as fbackup, cp or tar.
5. If you have a file system mounted on the EVFS volume, use the umount command to
unmount the file system. See umount(1M) for more information.
6. Use the following command to disable encryption and decryption access to the volume:
evfsvol disable [-k keyname] evfs_volume_path
See “Disabling Encryption/Decryption Access to EVFS Volumes” (page 81) for more
information.
7. Use the following evfsvol export command to remove the EVFS volume device files
and delete the device entries in kernel registry:
evfsvol export evfs_volume_path
where:
evfs_volume_path Specifies the absolute pathname for the EVFS volume device file,
such as /dev/evfs/vg01/lvol5,
/dev/evfs/vx/dsk/rootdg/vol05, or
/dev/evfs/dsk/c2t0d1.
Importing an EVFS Volume
Use the following procedure to import an EVFS volume. If you are using LVM, use this procedure
after importing the volume group using vgimport, and repeat the procedure for each volume
in the group.
1. Copy the key files saved from the source system to the target system. Use the procedure
described in “Restoring User Keys” (page 84) to install the key files from the source system
on the target system.
2. Use the following evfsvol import command to create the EVFS volume device files and
add the entries in kernel registry:
evfsvol import volume_path
where:
volume_path Specifies the path for the underlying LVM, VxVM, or physical volume
device file, such as /dev/vx/dsk/rootdg/vol01, /dev/vg01/lvol5,
or /dev/dsk/c0d0t2.
3. Use the evfsvol enable command to enable the encrypted volume:
evfsvol enable [-p] [-k keyname] evfs_volume_path
See “Step 1: Configuring an EVFS Volume” (page 51) or evfsvol(1m) for more information.
Exporting and Importing EVFS Volumes 93