Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3
Contents
5 EVS keys and user privileges......................................................................38
User privileges and permissions................................................................................................38
EVS volume owner keys...........................................................................................................38
Recovery keys........................................................................................................................38
Authorized user keys...............................................................................................................38
Summary of key type and privileged user capabilities..................................................................38
Creating keys.........................................................................................................................39
Guidelines for creating user keys..........................................................................................39
Creating keys for EVS volume owners...................................................................................40
Example......................................................................................................................40
Creating recovery keys.......................................................................................................41
Storing the recovery user's private key..............................................................................41
Examples.....................................................................................................................41
Creating keys for authorized users........................................................................................41
Examples.....................................................................................................................42
6 Configuring an EVS volume.......................................................................43
Configuration overview............................................................................................................43
Option 1: Creating a new EVS volume......................................................................................43
Step 1: Configuring an EVS volume......................................................................................43
Step 1a: Creating an LVM or VxVM volume for EVFS.........................................................44
Examples................................................................................................................44
Step 1b: Creating EVS volume device files........................................................................44
Examples................................................................................................................45
Step 1c: Creating the EMD.............................................................................................45
Example..................................................................................................................46
Step 1d: (Optional) Adding recovery keys and authorized user keys....................................46
Step 1e: Enabling the EVS volume...................................................................................47
Example..................................................................................................................48
Step 2: Creating and mounting a file system on an EVS volume...............................................48
Step 2a: Creating a new file system with newfs.................................................................48
Example..................................................................................................................48
Step 2b: (Optional) Using fsck to check the file volume.......................................................49
Example..................................................................................................................49
Step 2c: Creating the mount point...................................................................................49
Example..................................................................................................................49
Step 2d: Mount the file system on the EVS volume.............................................................49
Example..................................................................................................................49
Step 2e: (Optional) Adding an entry to /etc/fstab.............................................................50
Example..................................................................................................................50
Step 3: Verifying the configuration.......................................................................................50
evfsadm stat -a..............................................................................................................50
evfsvol display evfs_volume_path.....................................................................................50
Verifying data encryption...............................................................................................51
Example..................................................................................................................52
Step 4: (Optional) Migrating existing data to an EVS volume...................................................52
Example......................................................................................................................52
Step 5: Backing up your configuration..................................................................................53
Option 2: Converting a volume with existing data to an EVS volume (inline encryption)...................53
Step 1: Preparing the file system and data.............................................................................53
Step 2: Performing inline encryption.....................................................................................54
iencrypt: Inline encryption..............................................................................................54
Contents 35