Manualshelf

Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
919293949596979899100
3. Use a file-based utility, such as cp, to copy data from the EVS volume device file to the target
volume. The target volume now contains the data from the source EVS volume, encrypted
using the target volume's EVFS data key.
In the following example, /opt/encrypted_data is mounted on the source EVS volume,
and /opt/evfs_backup is mounted on the EVS volume. Both EVS volumes are enabled:
cp -r /opt/encrypted_data /opt/evfs_backup
Example
In the following example, /dev/evfs/vg01/lvol5 is the source volume, with /opt/
encrypted_data mounted on it, and /dev/evfs/vg01/lvol6 is the target volume, with
/opt/evfs_backup mounted on it. The cp command receives cleartext from the source EVS
volume, and the target EVS volume encrypts the data.
# fuser -cku /dev/evfs/vg01/lvol5
# fuser -cku /dev/evfs/vg01/lvol6
# evfsadm stat -a (verify that EVFS is enabled on the source and target volumes)
# cp -r /opt/encrypted_data /opt/evfs_backup
Creating cleartext backup media to a non-EVFS device (nonmirrored volumes)
You do not need to use a special procedure to create cleartext backup media from an EVS volume.
You can back up individual files or directories from the EVS volume, or you can specify the EVS
volume device file as the source for the backup utility. The EVS volume must have encryption and
decryption enabled.
Restoring backup media
This section describes how to restore backup media, and describes the following procedures:
“Restoring encrypted backup media from a non-EVFS device to an EVS volume” (page 94)
“Restoring backup data from an EVS volume to an EVS volume” (page 95)
Restoring encrypted backup media from a non-EVFS device to an EVS volume
When restoring encrypted backup media created on a non-EVFS device (such as a tape device)
that contains an EVS volume, the target volume to which you are restoring the data must meet the
following criteria:
The target volume must be an EVS volume. If you do not have an EVS volume, use the procedure
described in “Step 1: Configuring an EVS volume” (page 43) to create an EVS volume.
The EVS volume must have EVFS disabled.
CAUTION: If you do not disable encryption and decryption on the target volume, EVFS
encrypts the encrypted data you restore (the data is encrypted twice).
To use this procedure, you must have the appropriate file permissions to access the EVS volume
device file and meet at least one of the following criteria:
You are the volume owner.
You are an authorized user for the volume.
A stored passphrase exists for one of the volume's user key pairs, and you know the key ID
for the key pair.
Use the following procedure to restore encrypted backup media:
1. If the user key pairs used with the source EVS volume are not available on the system, restore
them. See“Restoring user keys” (page 65) for information on restoring EVFS user key pairs.
94 Backing up and restoring data on EVS volumes