Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3
EVFS v2.0 creates the users and groups subdirectories under the directories configured in the
/etc/evfs/evfs.conf file under priv_key, pub_key, and pass_key. When you upgrade
to EVFS v2.0, the keys from previous releases are automatically moved to the new directories with
the new key version and format, and ready for use; no additional action is required. For example,
if you have an old key in /etc/evfs/pkey/user1, once you upgrade to EVFS v2.0, the key
will be located in the /etc/evfs/pkey/users/user1 directory. For the recovery agent key,
only the public key is stored in the directory configured in the /etc/evfs/evfs.conf file. The
private key is usually stored in a media outside the system. The migration process migrates only
the public key. However, the EVFS v2.0 commands work with the recovery agent's old private key
file even if its version is still EVFS v1.0.
Uninstalling EVFS
CAUTION: Do not swremove EVFS if there is still encrypted data on the system. Otherwise data
will be lost once EVFS is removed.
To uninstall EVFS, follow these steps:
1. Stop all commands and applications accessing the encrypted data.
2. Backup all data, especially the /etc/evfs directory and all encrypted volumes and files.
3. Convert all encrypted data to cleartext. For EVS, copy the encrypted volume to a non-encrypted
volume. For EFS, copy the encrypted files to a non-encrypted file system.
4. Ensure that the /dev/evfs devices are not being used or referenced (for example, by
crontab and startup scripts).
5. Ensure that there is no EVFS filesystem in the /etc/fstab file.
6. Save all keys in case any backup encrypted data needs to be retrieved.
7. Stop EVFS subsystem and uninstall EVFS
Uninstalling EVFS 25