Encrypted Volume and File System v2.0 Release Notes
EVFS uses public/private encryption keys to protect volume and file encryption keys. EVFS
supports the following public/private key encryption algorithms:
— 1024-bit key Rivest-Shamir-Adleman (RSA)
— 1536-bit key RSA
— 2048-bit key RSA
• Passphrase storage and retrieval for automatic start (autostart).
EVFS encrypts private keys with passphrases. In normal operation, EVFS prompts the user
for the passphrase to decrypt and retrieve the private key. To enable EVFS operation during
system startup without human intervention, EVFS provides a mechanism to store a user's
passphrase in a file, encrypted with system-specific data. At system startup, EVFS can
automatically retrieve stored passphrases and use the passphrases to execute EVFS
commands.
CAUTION: Stored passphrases provide convenience, but they are security risks.
• EFS Secure Session
To use EFS, a user needs to be in an EFS secure session (see evfsauth(1)). This session
contains all the necessary credentials for a user to access and operate on encrypted files.
Secure session credentials are inherited by child processes.
• Key Management
EVFS provides its own local key management system. It supports encryption keys for both
EVS and EFS. The concept of a key manager is introduced in EVFS 2.0.
1.2 New and Changed Features in this Release
HP-UX EVFS v2.0 adds support for file-level encryption to provide unique symmetric keys for
individual files. The distinction is that with volume-level encryption, all files residing in a file
system (mounted on an encrypted volume) are encrypted using the same symmetric key. By
comparison, file-level encryption enables individual files residing in the same file system to have
unique (or no) symmetric encryption keys.
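The key hierarchy described in the overview (a passphrase protects the private key, and the public/private key pair protects the symmetric keys) and the file-level model described above can be reproduced with the OpenSSL command line. This is an added example, not EVFS code or HP's implementation; it assumes `openssl`, `od` and `mktemp` are available, and the passphrase, file labels and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration (not EVFS code): passphrase -> RSA private key -> per-file keys.
# DEMO_PASS and every file name below are constructed for this demo.
DEMO_PASS='constructed demo passphrase'

# Create a 2048-bit RSA pair; the private key is written encrypted under the passphrase.
make_user_keys() {      # $1 = working directory
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -aes-256-cbc \
        -pass "pass:$DEMO_PASS" -out "$1/user.priv.pem" 2>/dev/null &&
    openssl pkey -in "$1/user.priv.pem" -passin "pass:$DEMO_PASS" \
        -pubout -out "$1/user.pub.pem"
}

# File-level model: a fresh random 256-bit key per file, wrapped with the public key.
# Prints the plaintext key as hex (for comparison only) and deletes the plaintext copy.
wrap_new_file_key() {   # $1 = working directory, $2 = file label
    openssl rand -out "$1/$2.key" 32 &&
    openssl pkeyutl -encrypt -pubin -inkey "$1/user.pub.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$1/$2.key" -out "$1/$2.wrapped" &&
    od -An -tx1 "$1/$2.key" | tr -d ' \n' && rm -f "$1/$2.key"
}

# Unwrapping needs the private key, which needs the passphrase. Prints hex, or nothing.
unwrap_file_key() {     # $1 = working directory, $2 = file label, $3 = passphrase
    openssl pkeyutl -decrypt -inkey "$1/user.priv.pem" -passin "pass:$3" \
        -pkeyopt rsa_padding_mode:oaep -in "$1/$2.wrapped" 2>/dev/null |
        od -An -tx1 | tr -d ' \n'
}

demo() {
    d=$(mktemp -d) || return 1
    make_user_keys "$d" || return 1
    a=$(wrap_new_file_key "$d" fileA) && b=$(wrap_new_file_key "$d" fileB) || return 1
    [ "$a" != "$b" ] && echo "fileA and fileB hold different symmetric keys"
    [ "$(unwrap_file_key "$d" fileA "$DEMO_PASS")" = "$a" ] &&
        echo "correct passphrase recovers the fileA key"
    [ -z "$(unwrap_file_key "$d" fileA 'wrong passphrase')" ] &&
        echo "wrong passphrase recovers nothing"
    rm -rf "$d"
}
demo
```

In this model, whoever holds the passphrase can unwrap every symmetric key protected by that private key, which is why a passphrase stored for autostart carries the risk noted in the CAUTION above.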
HP-UX EVFS v2.0 includes the defect fixes listed in “Enhancements” (page 11) and “Defects
Fixed” (page 11).
1.3 Acquiring and Installing EVFS
You can acquire and install EVFS free of charge from Software Depot:
http://www.software.hp.com
Enter EVFS into the search box at the top of the page.
Installation Requirements
EVFS v2.0 requires approximately 12 MB of disk space and has the following software
requirements:
• HP-UX 11i v3 for HP 9000 servers and HP Integrity servers.
• If your system does not automatically reboot when migrating from EVFS version 1.0, you
must manually reboot to load the DLKM module. You do not need to reboot if there is no
previous version of EVFS installed.
• Veritas File System 5.0 (VxFS 5.0)
Patch Requirements
EVFS v2.0 has the following patch requirements: