Encrypted Volume and File System v1.1.1 Release Notes
This document provides information about the version 1.1.1 (A.01.01.01) release of the Encrypted
Volume and File System (EVFS) product.
EVFS Overview
EVFS protects data at rest (data on disks) by encrypting data volumes. You can
also use EVFS to create encrypted backup media. EVFS prevents anyone who gains unauthorized
physical access to storage media from reading or using the data.
EVFS creates EVFS volumes, which are pseudo-devices (or virtual devices) layered on Logical
Volume Manager (LVM), Veritas Volume Manager (VxVM), or physical volume devices. You
can use the newfs command to create a file system on an EVFS volume just as you would create
a file system on an LVM, VxVM, or physical volume. The EVFS subsystem encrypts data written
to an EVFS volume and decrypts data read from an EVFS volume as needed.
EVFS provides the following features:
• Data protection that is file-system independent.
EVFS supports all disk file system types that can be mounted on an LVM, VxVM, or physical
volume, including High Performance File System (HFS) and Veritas File System (VxFS, also
referred to as Journaled File System, or JFS).
• Application transparency.
EVFS volumes are implemented as pseudo-devices below the HP-UX file system. No changes
to applications are necessary. EVFS is compatible with network file sharing utilities, such
as Network File System (NFS) and Common Internet File System (CIFS), and with network
file access utilities, such as File Transfer Protocol (FTP) and remote copy (rcp).
• High-performance bulk data encryption using symmetric keys.
EVFS encrypts volume data using a symmetric encryption key, referred to as the volume
encryption key. EVFS supports the following symmetric key algorithms for encrypting
volume data:
— 128-bit key Advanced Encryption Standard Cipher Block Chaining (AES CBC) mode
— 192-bit key AES CBC mode
— 256-bit key AES CBC mode
• Public/private keys for symmetric key storage.
EVFS uses public/private encryption keys to store volume encryption keys. EVFS supports
the following public/private key encryption algorithms:
— 1024-bit key Rivest-Shamir-Adleman (RSA)
— 1536-bit key RSA
— 2048-bit key RSA
• Passphrase storage and retrieval for automatic start (autostart).
EVFS encrypts private keys with passphrases. In normal operation, EVFS prompts the user
for the passphrase to decrypt and retrieve the private key. To enable EVFS operation during
system startup without human intervention, EVFS provides a mechanism to store a user's
passphrase in a file, encrypted with system-specific data. At system startup, EVFS can