Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
1. Creates user keys
2. Deletes user keys
3. Displays user key information
4. Changes a user’s passphrase, which protects the private key (requires the user’s old key
passphrase)
5. Imports user keys
6. Exports user keys (requires the user’s key passphrase)
The system administrator can also perform operations 1 through 4. Only the key manager can
perform operations 5 and 6.
NOTE: Users who are the key owners can perform all of these operations.
For more information on these operations, see Chapter 12 (page 131).
Enabling the key manager
The key manager mainly performs key administration without having special privileges to access
a user’s encrypted files and key files. The use of a key manager is optional. After logging into the
system, the key manager is allowed to manage all user keys in the same way as the system
administrator. In addition, the key manager is allowed to import and export user keys, which the
system administrator is not allowed to do.
To enable the use of a key manager, follow these steps:
1. Create a user account and identify a person to become the account owner to perform key
operations. Note that the key manager cannot have an EFS secure session.
2. Edit the /etc/evfs/evfs.conf file and remove the comment sign (#) from the key_manager
line. Set key_manager to the user account created in the previous step.
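The following check for the two steps above is an added example, not part of the original guide or of EVFS. It assumes evfs.conf uses `attribute = value` lines with `#` comments; the helper name `check_key_manager`, the account `keymgr` and the sample files are constructed, and the UID 0 test is this example's reading of "without having special privileges".

```shell
#!/bin/sh
# Assumption: evfs.conf holds "attribute = value" lines; "#" starts a comment.

# check_key_manager CONF PASSWD   (hypothetical helper name)
# Prints a verdict and returns 0 only when the setting is usable.
check_key_manager() {
    conf=$1; passwd=$2
    # Value of the last uncommented key_manager line, if any.
    km=$(sed -n 's/^[[:space:]]*key_manager[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$conf" | tail -n 1)
    if [ -z "$km" ]; then
        echo "disabled"; return 1            # line still commented out, or empty
    fi
    # The account created in step 1 must exist in the passwd data.
    uid=$(awk -F: -v u="$km" '$1 == u { print $3; exit }' "$passwd")
    if [ -z "$uid" ]; then
        echo "unknown-account:$km"; return 1
    fi
    # The role is meant to carry no special privileges, so flag UID 0.
    if [ "$uid" -eq 0 ]; then
        echo "privileged-account:$km"; return 1
    fi
    echo "ok:$km"
}

# Constructed sample data (not taken from a real system).
demo() {
    d=$(mktemp -d) || return 1
    printf 'root:x:0:3::/:/sbin/sh\nkeymgr:x:1105:20::/home/keymgr:/usr/bin/sh\n' > "$d/passwd"
    printf '# key_manager = keymgr\n' > "$d/before.conf"   # as shipped: commented
    printf 'key_manager = keymgr\n'   > "$d/after.conf"    # after step 2
    printf 'key_manager = root\n'     > "$d/root.conf"     # role given to superuser
    for f in before after root; do
        printf '%s.conf -> %s\n' "$f" "$(check_key_manager "$d/$f.conf" "$d/passwd")"
    done
    rm -rf "$d"
}

demo
```

On a live system the arguments would be /etc/evfs/evfs.conf and /etc/passwd.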
104 Determining user roles