Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software

121

122

123

124

125

126

127

128

129

130

Recovery key:

Key name: evfs.efs

/* The following command adds the EFS recovery key evfs.efs to encrypted file file1.*/

# evfsfile add -r file1

Successfully added the recovery key to encrypted file "file1"

/* The recovery key is added to the encrypted file */

# evfsfile list file1

EFS file information:

EMD Size (Kbytes): 4

Data Encryption Cipher: aes-128-cfb

Owner Key ID: jsmith.jsmith

Recovery Key ID: evfs.efs

Example 3

In this example, the root user replaces the recovery key efs with the newkey key for the encrypted

file file1:

/* root user logged in to configure a new EFS recovery key.*/

# id

uid=0(root) gid=3(sys) groups=0(root)

# evfspkey keygen -r -k newkey

Enter recovery passphrase:

Re-enter recovery passphrase:

Public/Private key pair "evfs.newkey" has been successfully generated.

/* key newkey.priv will be created at local directory */

/* change key name in /etc/evfs/evfs.conf */

efs_recovery_keyname = newkey

# evfspkey loadkey -r

Recovery key "evfs.newkey" has been loaded into the kernel successfully.

/* User jsmith is logged into a secure session and wants to replace the old recovery key */

/* of an encrypted file evfs.efs with a new recovery key evfs.newkey. */

# id

uid=114(jsmith) gid=20(users)

/* Original key name is "efs" */

# evfsfile list file1

EFS file information:

EMD Size (Kbytes): 4

Data Encryption Cipher: aes-128-cfb

Owner Key ID: jsmith.jsmith

Recovery Key ID: evfs.efs

# evfsfile add -r file1

Are you sure you want to replace the recovery key "evfs.efs"?

Continuing with this operation will remove the existing recovery key!

Answer [yes/no]:yes

Successfully added the recovery key to encrypted file "file1"

/* recovery key has been changed */

# evfsfile list file1

EFS file information:

EMD Size (Kbytes): 4

Data Encryption Cipher: aes-128-cfb

Owner Key ID: jsmith.jsmith

Recovery Key ID: evfs.newkey

Example 4

In this example, the user recovers the user key for the encrypted file file1:

/* The original owner of the file is "jsmith" */

# evfsfile list file1

EFS file information:

EMD Size (Kbytes): 4

Data Encryption Cipher: aes-128-cfb

Owner Key ID: jsmith.jsmith

Recovery Key ID: evfs.newkey

/* user key in /etc/evfs/pkey/users/jsmith is accidentally removed and user */

/* jsmith is not in the secure session */

# id

uid=114(jsmith) gid=20(users)

126 Using EFS