Manualshelf

Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
51525354555657585960
# fuser -cu /opt/my_data
# fuser -cku /opt/my_data
# cp -R /opt/my_data/* /opt/encrypted_data
# rm -r /opt/mydata
(If /opt/mydata was a file system, you would unmount it instead and remove the corresponding
entry from the /etc/fstab file.)
# ln -s /opt/encrypted_data /opt/my_data
Step 5: Backing up your configuration
After you have completed your configuration, back up the files and subdirectories under the /etc/
evfs directory.
You must back up the user key database. You cannot re-create lost or corrupt user keys or
passphrases. Determine the directories used for the key database by checking the pkey attribute
statement in the /etc/evfs/evfs.conf file. By default, EVFS stores the user key database in
subdirectories below the /etc/evfs/pkey/users directory.
Option 2: Converting a volume with existing data to an EVS volume (inline
encryption)
This section describes how to convert existing data on a volume into an EVS volume. This section
addresses the following topics:
“Step 1: Preparing the file system and data” (page 53)
“Step 2: Performing inline encryption” (page 54)
“Step 3: Verifying the configuration” (page 55)
“Step 4: Backing up your configuration” (page 57)
Before using this procedure, you must complete the tasks in Chapter 4 (page 26).
IMPORTANT: To use inline encryption, 3 MB of spare disk space are required at the end of the
volume, and the minimum volume size must be 4 MB. If the entire volume is used, extend the volume
using lvextend for LVM, or vxassist for VXVM.
Step 1: Preparing the file system and data
a. Verify the file systems or volumes you want to secure with EVFS are suitable for encryption.
You cannot use EVFS with the following objects:
Files or disk areas used during system boot. This includes the following objects:
the root disk (/)
the boot disk
the HP-UX kernel directory (/stand)
the /usr directory"
EVFS cannot decrypt the kernel or other data before the system boots.
Option 2: Converting a volume with existing data to an EVS volume (inline encryption) 53