Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
11 Using EFS
Once you have an EFS file system mounted, you can create and manipulate an encrypted file.
This chapter describes the various operations that you can perform on an encrypted file, as follows:
• “Using a secure session”
• “Creating an encrypted file”
• “Reading from or writing to an encrypted file”
• “Changing the file permissions”
• “Changing the file owner/group”
• “File encryption attributes”
• “Sharing encrypted files via groups and group keys”
• “File conversion operations”
• “Using the evfsxfr command”
• “EFS backup and restore”
• “The EVFS wrapper commands”
• “Using the evfsrun command”
• “The EFS recovery key”
For more information on how to create an encrypted file system, see Chapter 10.
Using a secure session
To create or manipulate an encrypted file, you must be in a secure session. If your credential does
not exist, you are prompted to create it. The credential is inherited by all children of the
process. Use the evfsauth display command to display your credential. Exiting the process
(if in a shell, usually with the exit command) terminates the session.
You can perform these secure session operations using the evfsauth command.
Logging into a secure session
Use the evfsauth login command to log into an EVFS secure session. The evfsauth login
command loads the user's credential and starts the user’s default shell, which creates a secure
session. Without running the evfsauth login command, you cannot use EFS to protect your
files.
To create a secure session, run the evfsauth login command. The command prompts you for
your user key passphrase, as follows:
# evfsauth login
Enter your EFS passphrase:
You are entering in a secure session. Use "exit" to end the session.
Whether you have a stored passphrase or not, the evfsauth login command always prompts
for the passphrase. If you want to create your own key before entering the secure session, you
need to run the evfspkey keygen command without the -s option to be able to enter your own
passphrase.
If the user key does not exist, the evfsauth login command automatically creates the user key
and loads it into the kernel, as follows:
# evfsauth login
You don't have a key pair to use EFS. Do you want to create one?
Answer [yes/no]:yes
Enter passphrase: