Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3
EVS volume owner keys......................................................................................................38
Recovery keys....................................................................................................................38
Authorized user keys...........................................................................................................38
Summary of key type and privileged user capabilities.............................................................38
Creating keys....................................................................................................................39
Guidelines for creating user keys.....................................................................................39
Creating keys for EVS volume owners..............................................................................40
Example..................................................................................................................40
Creating recovery keys...................................................................................................41
Storing the recovery user's private key.........................................................................41
Examples................................................................................................................41
Creating keys for authorized users...................................................................................41
Examples................................................................................................................42
6 Configuring an EVS volume...................................................................43
Configuration overview.......................................................................................................43
Option 1: Creating a new EVS volume..................................................................................43
Step 1: Configuring an EVS volume.................................................................................43
Step 1a: Creating an LVM or VxVM volume for EVFS....................................................44
Examples............................................................................................................44
Step 1b: Creating EVS volume device files...................................................................44
Examples............................................................................................................45
Step 1c: Creating the EMD........................................................................................45
Example.............................................................................................................46
Step 1d: (Optional) Adding recovery keys and authorized user keys................................46
Step 1e: Enabling the EVS volume..............................................................................47
Example.............................................................................................................48
Step 2: Creating and mounting a file system on an EVS volume...........................................48
Step 2a: Creating a new file system with newfs............................................................48
Example.............................................................................................................48
Step 2b: (Optional) Using fsck to check the file volume..................................................49
Example.............................................................................................................49
Step 2c: Creating the mount point..............................................................................49
Example.............................................................................................................49
Step 2d: Mount the file system on the EVS volume.........................................................49
Example.............................................................................................................49
Step 2e: (Optional) Adding an entry to /etc/fstab........................................................50
Example.............................................................................................................50
Step 3: Verifying the configuration...................................................................................50
evfsadm stat -a.........................................................................................................50
evfsvol display evfs_volume_path................................................................................50
Verifying data encryption..........................................................................................51
Example.............................................................................................................52
Step 4: (Optional) Migrating existing data to an EVS volume..............................................52
Example..................................................................................................................52
Step 5: Backing up your configuration.............................................................................53
Option 2: Converting a volume with existing data to an EVS volume (inline encryption)..............53
Step 1: Preparing the file system and data........................................................................53
Step 2: Performing inline encryption................................................................................54
iencrypt: Inline encryption..........................................................................................54
Suspending an ongoing inline encryption...............................................................55
Re-starting a suspended inline encryption................................................................55
Step 3: Verifying the configuration...................................................................................55
evfsadm stat -a.........................................................................................................55
evfsvol display evfs_volume_path................................................................................56
4 Contents