Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3
(The evfspkey utility shows the key ID, which is the owner name, root,
and the key name, rootkey1.)
Creating recovery keys
Creating recovery keys is optional, but HP recommends that you create at least one recovery key
pair.
Use the following evfspkey keygen command to create a public/private key pair for the
recovery user. The evfspkey utility will prompt you for a passphrase to secure the private key.
The passphrase must contain at least eight characters.
You must have superuser privileges or the appropriate privileges to create a key for the recovery
user.
evfspkey keygen -c rsa-2048 -r [-k keyname]
where:
-r           Specifies that the key pair created is a recovery key pair.
-k keyname   Key name. If you do not specify -k keyname, evfspkey uses the EVFS
             pseudo-user name (evfs) as the key name.
             Valid value: An ASCII string, 1 to 255 characters long.
Storing the recovery user's private key
When you create the key pair for the recovery user, evfspkey saves the private key in the current
working directory with the file name key_name.priv, or evfs.priv by default. Store this
private key off line. Copy the private key to removable media, and delete the private key on the
local system.
Examples
In the following example, the user creates a recovery key. The evfspkey utility saves the private
key in the current directory with the file name evfs.priv. Store this file off line.
# evfspkey keygen -c rsa-2048 -r
In the following example, the user creates a second recovery key. The evfspkey utility saves the
private key in the current directory with the file name evfs2.priv. Store this file off line.
# evfspkey keygen -c rsa-2048 -r -k evfs2
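The off-line storage step described above, as an added example that is not part of the HP guide: a POSIX shell function that copies a recovery private key to already-mounted removable media and deletes the local file only after the copy compares byte for byte. The function name archive_recovery_key and its return codes are hypothetical; the media mount point is an assumption supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the HP guide). Assumption: the removable media is
# already mounted and its mount point is passed as the second argument.

# archive_recovery_key KEYFILE MEDIA_DIR
# Returns 0 on success. On any failure the local key file is left in place.
archive_recovery_key() {
    key=$1
    media=$2

    [ -f "$key" ] || { echo "no such key file: $key" >&2; return 1; }
    [ -d "$media" ] && [ -w "$media" ] || {
        echo "media directory not writable: $media" >&2; return 2; }

    dest=$media/$(basename "$key")
    # Never overwrite a key already on the media: it may be the only copy
    # of an earlier recovery key (for example a previous evfs.priv).
    [ ! -e "$dest" ] || { echo "refusing to overwrite $dest" >&2; return 3; }

    # Create the copy with owner-only permissions from the start.
    ( umask 077 && cp "$key" "$dest" ) || return 4
    chmod 400 "$dest" || return 4
    sync    # flush to the device before trusting the copy

    # Byte-for-byte comparison; keep the local key if anything differs.
    cmp -s "$key" "$dest" || {
        echo "copy does not match, local key kept" >&2
        rm -f "$dest"
        return 5
    }

    rm -f "$key" || return 6
    echo "stored $dest; removed $key"
}
```

Called as `archive_recovery_key ./evfs.priv /mnt/usb`, where /mnt/usb is a placeholder mount point. rm only unlinks the file and does not overwrite its disk blocks.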
Creating keys for authorized users
Creating keys for authorized users is optional. A user with an authorized user key can enable and
disable encryption and decryption access to an EVS volume, but cannot change the EVS volume
owner, destroy a volume, or add and delete keys to a volume.
Use the following evfspkey keygen command to create key pairs for authorized users:
evfspkey keygen [-r | [-p [-u user] | -s [-u user]] [-c cipher] [-k keyname] [-m keywrap]
where:
-p           Causes evfspkey to prompt for passphrase. The evfspkey utility will prompt
             you for a passphrase and store the passphrase in an encrypted file. The
             passphrase must contain at least eight characters.
             CAUTION: A stored passphrase enables you to use the EVFS autostart feature
             but it is a security risk.
-s           Causes evfspkey to generate a passphrase automatically. The evfspkey utility
             will generate a passphrase for you and store the passphrase in an encrypted file.