Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

# evfsfile list ME
EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-128-cbc
Owner Key ID: dlin.dlin
# ls -l
total 10
-rw-r--r-- 1 dlin users 15 Jul 31 12:26 ME
Without evfsxfr, the size of ME is displayed as 15 bytes. With evfsxfr, the 4 KB EMD is
included in the size:
# evfsxfr ls -l
total 10
-rw-r--r-- 1 dlin users 4111 Jul 31 12:26 ME
The following command allows the root user to run the chown command for an encrypted file:
# evfsxfr chown dlin /encrypted_dir/encrypted_file
The following command allows a user to copy an encrypted file to the /tmp directory in a
non-secure session:
# evfsxfr cp /encrypted_dir/encrypted_file /tmp
EFS backup and restore
If you are in a secure session and back up a file that you have access to (for example, an encrypted
file whose file encryption key is protected with your user key or primary group key), the content is
stored in cleartext. To keep the contents in encrypted form, there are three ways to back up and
restore encrypted files and file systems:
1. Back up and restore using the evfsxfr command.
You can use the evfsxfr command with other commands, such as tar and cpio, to store
data in encrypted form. The evfsxfr command is used to view the encrypted content. Note
that evfsxfr cannot be used if the files are currently being accessed. You must also use the
evfsxfr command to restore the data; otherwise, the content may be encrypted twice,
resulting in lost files.
To check whether a file is encrypted, use the evfsfile list command as follows:
# evfsfile list AG/secret.c
EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-128-cbc
Owner Key ID: dlin.dlin
Group Key ID: users.users
Recovery Key ID: evfs.efs
# cat AG/secret.c
this is a SECRET file
Using the tar command without the evfsxfr command saves the content in cleartext form:
# tar cvf AG-clear.tar AG
a AG/secret.c 1 blocks
# strings AG-clear.tar | grep SECRET
this is a SECRET file
# rm -fr AG; tar xvf AG-clear.tar
x AG/secret.c, 22 bytes, 1 tape blocks
# evfsfile list AG/secret.c
evfsfile: list error: "AG/secret.c" is not an encrypted file.
Using the tar command with the evfsxfr command, the encrypted file remains intact:
# evfsxfr tar cvf AG.tar AG
a AG/secret.c 9 blocks
# rm -fr AG; tar xvf AG.tar
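The following audit is an added example, not part of the HP guide or the EVFS tools: it generalizes the strings AG-clear.tar | grep SECRET check above to every member of a tar backup, and also flags members too small to carry an EMD. The function names, the marker strings, and the fixed 4 KB EMD size are assumptions; the size test is a heuristic based on the raw size including the EMD, as the evfsxfr ls -l listing shows.

```python
import io
import tarfile

EMD_BYTES = 4 * 1024  # assumption: "EMD Size (Kbytes): 4", as in the listings above

def find_marker(stream, markers, chunk=1 << 20):
    """Return the first marker found in stream, scanning in chunks, else None."""
    keep = max((len(m) for m in markers), default=1) - 1
    tail = b""
    while True:
        block = stream.read(chunk)
        if not block:
            return None
        window = tail + block  # overlap so a marker split across chunks is seen
        for m in markers:
            if m in window:
                return m
        tail = window[-keep:] if keep else b""

def audit_backup(fileobj, markers=(), emd_bytes=EMD_BYTES):
    """Map member name -> reason for every regular file that looks like cleartext."""
    findings = {}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            hit = find_marker(tar.extractfile(member), markers)
            if hit is not None:
                findings[member.name] = "contains cleartext marker %r" % hit
            elif member.size < emd_bytes:
                findings[member.name] = "smaller than the EMD, not a raw EFS file"
    return findings

def sample_archive(files):
    """Build an in-memory tar from {name: bytes}; constructed test input only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Constructed stand-in for EMD + ciphertext (4096 + 22 bytes), not real EFS data.
    raw = bytes((i * 37 + 11) % 256 for i in range(EMD_BYTES + 22))
    print(audit_backup(sample_archive({"AG/secret.c": b"this is a SECRET file\n"}), [b"SECRET"]))
    print(audit_backup(sample_archive({"AG/secret.c": raw}), [b"SECRET"]))
```

A directory that legitimately mixes encrypted and unencrypted files will report the unencrypted ones under the size rule, so review findings against the list of files that are expected to be protected.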