Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3
C EVFS quick reference
This appendix contains reference information about EVFS.
Preparing EVFS
This section briefly describes the steps in the EVFS preparation procedure. For more information,
refer to Chapter 4 (page 26).
1. At installation, EVFS attempts to create the evfs user account and group for the EVFS
pseudo-user. If you cannot use evfs as the user and group name for the EVFS pseudo-user,
set the evfs_user attribute in the /etc/evfs/evfs.conf file to a different user name.
Create a new group and user account for the EVFS pseudo-user:
# groupadd my_evfs_group
# useradd -g evfs -c "EVFS pseudo-user" \
-d /home/evfs -s /usr/bin/false my_evfs_user
2. (Optional) Configure alternative directories for key storage using the pub_key, priv_key,
and pass_key attribute statements in the file /etc/evfs/evfs.conf.
3. (Optional) Modify EVFS global parameters. Edit the file /etc/evfs/evfs.conf.
4. Start the EVFS subsystem:
# evfsadm start [-n number_threads]
5. Create user key pairs for EVS mode.
a. Create keys for EVS volume owners:
# evfspkey keygen [-p] [-c cipher] [-u user] [-k keyname] [-m
keywrap]
b. (Optional, but recommended) Create recovery keys:
# evfspkey keygen -c rsa-2048 -r [-k keyname] [-m keywrap]
EVFS creates the recovery user's private key in the current directory, with the file name
key_name.priv. Store this file off line.
c. (Optional) Create keys for authorized users:
# evfspkey keygen [-p|-s] [-c cipher ] [-u user] [-k keyname]
[-m keywrap]
Configuring EVS
This section briefly describes the steps in the EVFS procedure. After preparing EVFS, you can use
Option 1 or Option 2 to configure an EVS volume. For more information about selecting the
appropriate option, see Chapter 6 (page 43).
Preparing EVFS 157