Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3
Contents
I Encrypted Volume and File System (EVFS)
  1 Overview
    EVFS architecture
    Features and benefits
    Supported software
    Product limitations and precautions
  2 EVFS data and keys
    EVFS data flow
    Encryption metadata (EMD)
    EVFS encryption keys
      Volume and file encryption keys
      User keys
        Passphrases
          Stored passphrases
      Using HP-UX Trusted Computing Services with EVFS
      How EVFS uses keys
    Key names and key IDs
    User key and passphrase storage
      File names
      Alternate storage databases and distributed key storage
  3 EVFS installation
    Prerequisites
    Installing EVFS
    Upgrading to EVFS v2.0
    Uninstalling EVFS
  4 Preparing EVFS for configuration
    Verifying for preconfiguration
    Preparation overview
    Step 1: Configuring an alternate EVFS pseudo-user
      Step 1a: Setting the evfs_user attribute
        Example
      Step 1b: Creating the user group
        Example
      Step 1c: Creating the EVFS pseudo-user account
        Example
    Step 2: (Optional) Configuring alternate key database directories
      Syntax for pub_key, priv_key, and pass_key attribute statements
      Key storage directory requirements
      Default pub_key, priv_key and pass_key attribute statements
      Example: Alternate directory for public keys
      Example: NFS directory for public and private keys
    Step 3: (Optional) Modifying EVFS global parameters
    Step 4: Starting the EVFS subsystem
      Example
    Step 5: (Optional) Configuring the autostart feature
II Encrypted Volume System (EVS)
  5 EVS keys and user privileges
    User privileges and permissions