Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

1. List the encryption attributes on the /efsmnt/file1 file:
# evfsfile list /efsmnt/file1
EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-128-cbc
Owner Key ID: root.root
Group Key ID: sys.sys
2. Turn off all the applications that use the /efsmnt/file1 file. For data consistency, stop all
applications that are accessing the data. You can use the fuser -cu command to determine
the processes accessing files, and the fuser -cku command to terminate the processes. For
more information, see fuser(1M).
3. Make sure that you are in a secure session. If not, enter into a secure session by using the
evfsauth command.
4. Use the evfsfile decrypt command to convert the encrypted file to a cleartext file:
# evfsfile decrypt /efsmnt/file1
Successfully decrypted the file
5. List the encryption attributes on the /efsmnt/file1 file to make sure that the file is converted
(decrypted):
# evfsfile list /efsmnt/file1
evfsfile: list error: "/efsmnt/file1" is not an encrypted file.
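The check in steps 1 and 5 can be scripted. The following is an added example, not part of the HP guide: it classifies captured evfsfile list output and confirms that a file went from encrypted to cleartext. The function names and sample captures are constructed for illustration, and the accepted cipher names are the ones this guide lists for the -c option.

```shell
#!/bin/sh
# Added example: check `evfsfile list` output captured before and after
# `evfsfile decrypt`. Capture with: out=$(evfsfile list FILE 2>&1)

# Constructed sample captures, modelled on the output shown in the guide.
SAMPLE_BEFORE='EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-128-cbc
Owner Key ID: root.root
Group Key ID: sys.sys'
SAMPLE_AFTER='evfsfile: list error: "/efsmnt/file1" is not an encrypted file.'

# Print the value of one "Name: value" attribute read from stdin.
evfs_attr() {
    awk -F': *' -v key="$1" '$1 == key { print $2; exit }'
}

# Classify list output as "encrypted <cipher>", "cleartext" or "unknown".
# Anything that is neither (empty capture, other errors) is "unknown", so a
# failed listing is never mistaken for a successful decrypt.
evfs_state() {
    case $1 in
        *"is not an encrypted file"*) echo cleartext; return 0 ;;
    esac
    cipher=$(printf '%s\n' "$1" | evfs_attr "Data Encryption Cipher")
    case $cipher in
        # Cipher names the guide lists as valid (the cbc modes on IA only).
        aes-128-cfb|aes-192-cfb|aes-256-cfb|aes-128-cbc|aes-192-cbc|aes-256-cbc)
            echo "encrypted $cipher" ;;
        *) echo unknown; return 1 ;;
    esac
}

# Succeed only if the file was encrypted before and is cleartext after.
verify_decrypt() {
    before=$(evfs_state "$1") || return 1
    after=$(evfs_state "$2") || return 1
    case $before in
        encrypted\ *) ;;
        *) return 1 ;;
    esac
    [ "$after" = cleartext ]
}

verify_decrypt "$SAMPLE_BEFORE" "$SAMPLE_AFTER" && echo "decrypt verified"
```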
Changing the file encryption key (rekey)
The syntax for rekey is as follows:
# evfsfile rekey [-c cipher] file
The parameters are as follows:
cipher The symmetric key algorithm name and key length. Valid values are aes-128-cfb,
aes-192-cfb, and aes-256-cfb. On IA, aes-128-cbc, aes-192-cbc, and
aes-256-cbc are also valid. Using this option creates the new encryption key with
the specified cipher. Otherwise, the cipher information is extracted using the "cipher
precedence" rules described in “Cipher precedence” (page 117).
file Encrypted file name.
In this example, the encrypted file system is created and mounted on the /efsmnt directory. The
/efsmnt/file1 file is an encrypted file and its encryption key needs to be changed, as follows:
1. List the encryption attributes on the /efsmnt/file1 file:
# evfsfile list /efsmnt/file1
EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-128-cbc
Owner Key ID: root.root
Group Key ID: sys.sys
Recovery Key ID: evfs.efs
2. Turn off all the applications that are using the /efsmnt/file1 file. For data consistency,
stop all applications that are accessing the data. You can use the fuser -cu command to
determine the processes accessing files, and the fuser -cku command to terminate the
processes. For more information, see fuser(1M).
3. Make sure that you are in a secure session. If not, enter into a secure session by using the
evfsauth login command. This operation changes the encryption key with the same cipher
(if cipher is not specified with the -c option):
# evfsfile rekey /efsmnt/file1
Successfully changed the file encryption key
4. List the encryption attributes on the /efsmnt/file1 file: