Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3
11 Using EFS
Once you have an EFS file system mounted, you can create and manipulate an encrypted file.
This chapter describes the various operations that you can perform on an encrypted file, as follows:
• “Using a secure session”
• “Creating an encrypted file”
• “Reading from or writing to an encrypted file”
• “Changing the file permissions”
• “Changing the file owner/group”
• “File encryption attributes”
• “Sharing encrypted files via groups and group keys”
• “File conversion operations”
• “Using the evfsxfr command”
• “EFS backup and restore”
• “The EVFS wrapper commands”
• “Using the evfsrun command”
• “The EFS recovery key”
See Chapter 10 for more information on how to create an encrypted file system.
Using a secure session
To create or manipulate an encrypted file, you must be in a secure session. If your credential does
not exist, you will be prompted to create it. This credential is inherited by all child processes of
the process. Use the evfsauth display command to display your credential. Exiting the process
(if in a shell, usually with the exit command) terminates the session.
You can perform these secure session operations using the evfsauth command.
Logging into a secure session
Use the evfsauth login command to log into an EVFS secure session. The evfsauth login
command loads the user's credential and starts the user’s default shell, which creates a secure
session. Without running the evfsauth login command, you cannot use EFS to protect your
files.
To create a secure session, run the evfsauth login command. The command prompts you for
your user key passphrase, as follows:
# evfsauth login
Enter your EFS passphrase:
You are entering in a secure session. Use "exit" to end the session.
Whether or not you have a stored passphrase, the evfsauth login command always prompts
for the passphrase. To create your own key before entering the secure session, run the
evfspkey keygen command without the -s option so that you can enter your own
passphrase.
If the user key does not exist, the evfsauth login command automatically creates the user key
and loads it into the kernel, as follows:
# evfsauth login
You don't have a key pair to use EFS. Do you want to create one?
Answer [yes/no]:yes
Enter passphrase: