Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

# evfsfile set -d /efsmnt
# evfsfile list /efsmnt
evfsfile: list error: "/efsmnt" is not enabled for encryption.
# evfsfile list /efsmnt/dir1
EFS directory information:
Data Encryption Cipher: aes-192-cfb
# evfsfile list /efsmnt/dir2
EFS directory information:
Data Encryption Cipher: aes-192-cfb
Disabling encryption at the directory level
In this example, assume that /efsmnt/dir2 is enabled for encryption. The directory
/efsmnt/dir2/dir3 is then created with encryption parameters inherited from /efsmnt/dir2.
Disabling encryption on /efsmnt/dir2 afterward does not change the encryption attributes of
/efsmnt/dir2/dir3.
# evfsfile list /efsmnt/dir2
EFS directory information:
Data Encryption Cipher: aes-128-cbc
# evfsfile list /efsmnt/dir1
EFS directory information:
Data Encryption Cipher: aes-128-cbc
# mkdir /efsmnt/dir2/dir3
Disable encryption on the /efsmnt/dir2 directory as follows:
# evfsfile set -d /efsmnt/dir2
# evfsfile list /efsmnt/dir2
evfsfile: list error: "/efsmnt/dir2" is not enabled for encryption.
# evfsfile list /efsmnt/dir2/dir3
EFS directory information:
Data Encryption Cipher: aes-128-cbc
Listing file encryption attributes
The evfsfile list subcommand displays the encryption attributes of a given file or
directory. The syntax for the evfsfile list subcommand is as follows:
# evfsfile list <file or directory>
If the given file or directory is a valid encryption object, this command displays the encryption
attributes associated with that file or directory. Otherwise it prints an error message.
Display encryption attributes on a directory enabled for encryption as follows:
# evfsfile list /efsmnt/dir1
EFS directory information:
Data Encryption Cipher: aes-192-cfb
Display encryption attributes on an encrypted file as follows:
# evfsfile list /efsmnt/dir1/file1
EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-192-cfb
Owner Key ID: efsuser.efsuser
Group Key ID: efsgroup.efsgroup
A user with valid UNIX DAC permissions can list the encryption attributes on a given directory. To
list encryption attributes on files, EFS checks are performed on top of the DAC checks. Therefore,
only the owner of the file, from a valid secure session, can list the encryption attributes on a given
encrypted file.
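Because disabling encryption on a directory does not change its existing subdirectories, a tree can end up with mixed encryption states. The following script is an added example, not part of the HP guide: it walks a directory tree with evfsfile list and flags every directory whose state differs from its parent's. The function names and the EVFSFILE override variable are hypothetical, and the script assumes the output format shown on this page.

```shell
#!/bin/sh
# Added example, not from the HP guide. Assumes `evfsfile list` prints the
# text shown on this page; its exit status and stderr use are not documented
# here, so both streams are captured and only the text is parsed.

EVFSFILE=${EVFSFILE:-evfsfile}   # hypothetical override, lets a stub stand in

# efs_state PATH -> prints the cipher name, "disabled", or "unknown"
efs_state() {
    out=$("$EVFSFILE" list "$1" 2>&1) || :
    case $out in
        *"is not enabled for encryption"*) echo disabled; return 0 ;;
    esac
    cipher=$(printf '%s\n' "$out" |
        sed -n 's/^[[:space:]]*Data Encryption Cipher:[[:space:]]*//p')
    if [ -n "$cipher" ]; then echo "$cipher"; else echo unknown; fi
}

# efs_audit ROOT -> one line per directory: STATE PATH [note]
efs_audit() {
    find "$1" -type d | while IFS= read -r dir; do
        state=$(efs_state "$dir")
        note=
        if [ "$dir" != "$1" ]; then
            parent=$(efs_state "$(dirname "$dir")")
            if [ "$state" != "$parent" ]; then
                note="  <- differs from parent ($parent)"
            fi
        fi
        printf '%-12s %s%s\n' "$state" "$dir" "$note"
    done
}

# Run as: sh efs_audit.sh /efsmnt
if [ $# -gt 0 ]; then efs_audit "$1"; fi
```

Directory attributes can be listed with UNIX DAC permissions alone, so the audit does not need the file owner's secure session. A state of "unknown" means the output matched neither format shown on this page and should be checked by hand.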
Sharing encrypted files via groups and group keys
For an encrypted file or a directory, a user with valid UNIX DAC permissions can list the encryption
attributes.