Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3

High-performance bulk data encryption using symmetric keys.
EVFS encrypts volume data using a symmetric encryption key, referred to as the volume
encryption key. EVFS supports the following symmetric key algorithms for encrypting volume
data:
128-bit key Advanced Encryption Standard Cipher Block Chaining (AES CBC) mode
192-bit key AES CBC mode
256-bit key AES CBC mode
128-bit key Advanced Encryption Standard Cipher FeedBack (AES CFB) mode
192-bit key AES CFB mode
256-bit key AES CFB mode
EVFS encrypts file data using a unique symmetric encryption key, referred to as the file
encryption key. EVFS supports the following symmetric key algorithms for encrypting file data:
128-bit key Advanced Encryption Standard Cipher FeedBack (AES CFB) mode
192-bit key AES CFB mode
256-bit key AES CFB mode
Public/private keys to protect the symmetric keys.
EVFS uses public/private encryption key pairs to protect volume and file encryption keys. EVFS
supports the following public/private key encryption algorithms:
1024-bit key Rivest-Shamir-Adleman (RSA)
1536-bit key RSA
2048-bit key RSA
Passphrase storage and retrieval for automatic start (autostart).
EVFS encrypts private keys with passphrases. In normal operation, EVFS prompts the user for
the passphrase to decrypt and retrieve the private key. To enable EVFS operation during
system startup without human intervention, EVFS provides a mechanism to store a user's
passphrase in a file, encrypted with system-specific data. At system startup, EVFS can
automatically retrieve stored passphrases and use the passphrases to execute EVFS commands.
CAUTION: Stored passphrases provide convenience, but they are security risks.
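The three layers described above (a symmetric data key, an RSA key pair that wraps it, and a passphrase that protects the RSA private key) as an added Go example. This is illustrative code written for this guide excerpt, not EVFS source code or its on-disk key format. It assumes PBKDF2-HMAC-SHA256 for the passphrase step and RSA-OAEP for wrapping the volume key, neither of which the guide names, and the names KeyStore, CreateKeyStore, UnlockVolumeKey, EncryptData and DecryptData are invented for the example:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// KeyStore holds what must persist per user and volume (a constructed layout, not EVFS's).
type KeyStore struct {
	Salt          []byte         // random salt for the passphrase KDF
	EncPrivKey    []byte         // IV || AES-256-CFB(PKCS#1 DER of the RSA private key)
	PublicKey     *rsa.PublicKey // wraps new volume keys without needing the passphrase
	WrappedVolKey []byte         // RSA-OAEP(PublicKey, 256-bit volume encryption key)
}

// passphraseKey: PBKDF2-HMAC-SHA256 (RFC 8018), one 32-byte block, 100000 iterations; inline so only the standard library is needed.
func passphraseKey(passphrase string, salt []byte) []byte {
	prf := hmac.New(sha256.New, []byte(passphrase))
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // big-endian block index 1
	u := prf.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < 100000; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for k := range t {
			t[k] ^= u[k]
		}
	}
	return t
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no usable CSPRNG: stop rather than issue weak keys or IVs
	}
	return b
}

// EncryptData is AES-CFB (key of 16, 24 or 32 bytes) with a fresh random IV prefixed.
func EncryptData(key, pt []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := append(randBytes(aes.BlockSize), make([]byte, len(pt))...)
	cipher.NewCFBEncrypter(blk, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], pt)
	return out, nil
}

// DecryptData reverses EncryptData. CFB has no integrity check, so it cannot detect tampering.
func DecryptData(key, ct []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ct) < aes.BlockSize {
		return nil, errors.New("ciphertext shorter than one block")
	}
	pt := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCFBDecrypter(blk, ct[:aes.BlockSize]).XORKeyStream(pt, ct[aes.BlockSize:])
	return pt, nil
}

// CreateKeyStore: generate the RSA pair, seal the private key under the passphrase, then wrap a random 256-bit volume key under the public key.
func CreateKeyStore(passphrase string, rsaBits int) (*KeyStore, error) {
	priv, err := rsa.GenerateKey(rand.Reader, rsaBits)
	if err != nil {
		return nil, err
	}
	ks := &KeyStore{Salt: randBytes(16), PublicKey: &priv.PublicKey}
	ks.EncPrivKey, err = EncryptData(passphraseKey(passphrase, ks.Salt), x509.MarshalPKCS1PrivateKey(priv))
	if err != nil {
		return nil, err
	}
	ks.WrappedVolKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, ks.PublicKey, randBytes(32), nil)
	return ks, err
}

// UnlockVolumeKey is the access path passphrase -> private key -> volume key; a wrong passphrase yields garbage DER, which ParsePKCS1PrivateKey rejects.
func (ks *KeyStore) UnlockVolumeKey(passphrase string) ([]byte, error) {
	der, err := DecryptData(passphraseKey(passphrase, ks.Salt), ks.EncPrivKey)
	if err != nil {
		return nil, err
	}
	priv, err := x509.ParsePKCS1PrivateKey(der)
	if err != nil {
		return nil, errors.New("wrong passphrase or damaged key store")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ks.WrappedVolKey, nil)
}
```

UnlockVolumeKey is the only step that needs the passphrase; once the volume key is in memory, bulk encryption and decryption run without it, which is exactly what autostart trades for convenience when it keeps the passphrase on disk. CFB mode gives confidentiality only: the example notices a wrong passphrase because the decrypted private key fails to parse, not because of an integrity tag, so an EVFS deployment should protect the key store files with file system permissions and integrity monitoring.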
EFS Secure Session
In order to use EFS, a user needs to be in an EFS secure session (see evfsauth(1)). This session
contains all the credentials a user needs to access and operate on encrypted files.
Secure session credentials are inherited by the session's child processes.
Key Management
EVFS provides its own local key management system. It supports encryption keys for both EVS
and EFS. The concept of a key manager is introduced in EVFS 2.0.
Supported software
Software used with EVFS can be categorized into three types:
Type 1 Applications without kernel components. EVFS volumes configured in EVS mode support
Type 1 software. EVFS volumes configured in EFS mode support Type 1 software if the
data is accessed using the evfsxfr command or in a secure session. Examples of
Type 1 software include FTP, rcp, CIFS Server, and Oracle® Database 10g. (This list
is not exhaustive and is included only to provide examples of Type 1 software.)