Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

# evfsfile encrypt [-c cipher] file
The parameters are as follows:
cipher  The symmetric key algorithm name and key length. Valid values are
        aes-128-cfb, aes-192-cfb, and aes-256-cfb. On IA, aes-128-cbc,
        aes-192-cbc, and aes-256-cbc are also valid. Using this option creates
        the encryption key with the specified cipher. Otherwise, the cipher
        information is extracted using the "cipher precedence" rules described
        in Section (page 117).
file    Encrypted file name.
The following example converts a cleartext file to an encrypted file.
First, create an encrypted file system and mount it on the /efsmnt directory using the procedure
described in Chapter 10 (page 105).
Then convert the /efsmnt/file1 cleartext file to an encrypted file as follows:
1. List the encryption attributes on the /efsmnt/file1 file to make sure it is not encrypted.
# evfsfile list /efsmnt/file1
evfsfile: list error: "/efsmnt/file1" is not an encrypted file.
2. Turn off all the applications that use the /efsmnt/file1 file. For data consistency, stop all
applications from accessing the data. You can use the fuser -cu command to determine
the processes accessing files, and the fuser -cku command to terminate the processes. For
more information, see fuser(1M).
3. Make sure that you are in a secure session. If not, enter into a secure session by using the
evfsauth login command.
4. Use the evfsfile encrypt command to convert the cleartext file to an encrypted file (using
the default cipher):
# evfsfile encrypt /efsmnt/file1
Successfully encrypted the file
5. List the encryption attributes on the /efsmnt/file1 file:
# evfsfile list /efsmnt/file1
EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-128-cbc
Owner Key ID: root.root
Group Key ID: sys.sys
Recovery Key ID: evfs.efs
6. Convert the file using a different cipher:
$ evfsfile encrypt -c aes-256-cfb /efsmnt/file1
Successfully encrypted the file
7. List encryption attributes on the /efsmnt/file1 file:
$ evfsfile list /efsmnt/file1
EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-256-cfb
Owner Key ID: root.root
Group Key ID: sys.sys
Recovery Key ID: evfs.efs
If you do not have the group key and recovery key configured, you will not see the Group Key
ID and Recovery Key ID as shown above.
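
The verification in steps 5 and 7, as an added shell example that is not part of the original guide: it reads evfsfile list output on standard input and confirms that the file is encrypted with the expected cipher and has a recovery key. The function names and exit codes are assumptions of this example; the sample listings repeat the output shown above, except the one without group and recovery keys, which is constructed.

```shell
#!/bin/sh
# Added example, not from the guide: audit `evfsfile list` output after a
# conversion. Function names and exit codes are this example's own choices.

# Sample listings: the first two repeat the output of steps 1 and 7 above;
# the third is constructed (no group key or recovery key configured).
NOT_ENCRYPTED='evfsfile: list error: "/efsmnt/file1" is not an encrypted file.'
LISTING_FULL='EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-256-cfb
Owner Key ID: root.root
Group Key ID: sys.sys
Recovery Key ID: evfs.efs'
LISTING_NO_RECOVERY='EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-256-cfb
Owner Key ID: root.root'

# evfs_field NAME: print the value of the first "NAME: value" line on stdin,
# with surrounding whitespace removed.
evfs_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | sed -e 's/[[:space:]]*$//' -e 1q
}

# check_evfs_listing EXPECTED_CIPHER   (listing on stdin)
# Returns 0 = encrypted with the expected cipher and a recovery key,
#         1 = no cipher line (not an encrypted file),
#         2 = cipher differs from the expected one,
#         3 = encrypted as expected, but no Recovery Key ID is listed.
check_evfs_listing() {
    expected=$1
    listing=$(cat)
    cipher=$(printf '%s\n' "$listing" | evfs_field 'Data Encryption Cipher')
    recovery=$(printf '%s\n' "$listing" | evfs_field 'Recovery Key ID')
    if [ -z "$cipher" ]; then
        echo "FAIL: no cipher line; file is not encrypted" >&2
        return 1
    fi
    if [ "$cipher" != "$expected" ]; then
        echo "FAIL: cipher is $cipher, expected $expected" >&2
        return 2
    fi
    if [ -z "$recovery" ]; then
        echo "WARN: no recovery key configured for this file" >&2
        return 3
    fi
    echo "OK: $cipher, recovery key $recovery"
}

# On a host with EVFS (2>&1 is an assumption about where errors are printed):
#   evfsfile list /efsmnt/file1 2>&1 | check_evfs_listing aes-256-cfb
```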
Converting an encrypted file to a cleartext file
To convert an encrypted file to a cleartext file, follow these steps:
Create an encrypted file system and mount it on the /efsmnt directory. Convert the
/efsmnt/file1 encrypted file to a cleartext file as follows: