Encrypted Volume and File System v2.0 Release Notes
1 EVFS
EVFS (Encrypted Volume and File System) is an application-transparent technology providing
protection of data at rest.
With EVFS, critical files and data at rest are stored on disk in encrypted form. EVFS
safeguards against compromised use of and unauthorized access to data due to physical theft
of storage devices. The data encryption is based on a secret-key cryptosystem and runs as an
integrated kernel service transparent to the user.
With HP-UX EVFS, disks and volumes can be configured to be used in one of two modes:
volume-level encryption (EVS) or file-level encryption (EFS).
NOTE:
• EVS is supported with HP-UX 11i v2 update 2 and later.
• EFS is supported with HP-UX 11i v3 and later.
• You can use a volume or a disk for either EFS or EVS, but not both.
1.1 Features
• Data protection that is file-system independent.
When configured in volume mode (EVS), EVFS supports all disk file system types that can
be mounted on an LVM, VxVM, or physical volume, including High Performance File System
(HFS) and Veritas File System (VxFS, also referred to as Journaled File System, or JFS). EFS
mode only supports HFS and VxFS.
• Application transparency.
EVFS volumes are implemented as pseudo-devices below the HP-UX file system. No changes
to applications are necessary. When configured in volume mode, EVFS is compatible with
network file sharing utilities, such as Network File System (NFS) and Common Internet File
System (CIFS), and with network file access utilities, such as File Transfer Protocol (FTP)
and remote copy (rcp).
• High-performance bulk data encryption using symmetric keys.
EVFS encrypts volume data using a symmetric encryption key, referred to as the volume
encryption key. EVFS supports the following symmetric key algorithms for encrypting
volume data:
— 128-bit key Advanced Encryption Standard Cipher Block Chaining (AES CBC) mode
— 192-bit key AES CBC mode
— 256-bit key AES CBC mode
— 128-bit key Advanced Encryption Standard Cipher FeedBack (AES CFB) mode
— 192-bit key AES CFB mode
— 256-bit key AES CFB mode
EVFS encrypts file data using a unique symmetric encryption key, referred to as the file
encryption key. EVFS supports the following symmetric key algorithms for encrypting file
data:
— 128-bit key Advanced Encryption Standard Cipher FeedBack (AES CFB) mode
— 192-bit key AES CFB mode
— 256-bit key AES CFB mode
• Public/private keys protecting symmetric keys.