Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

# evfsfile list AG/secret.c
EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-128-cbc
Owner Key ID: dlin.dlin
Group Key ID: users.users
Recovery Key ID: evfs.efs
Note that if you do not use the evfsxfr command when restoring into an encrypted directory,
the encryption is done twice:
# evfsfile list AG
EFS directory information:
Data Encryption Cipher: aes-128-cbc
# tar xvf AG.tar
x AG/ME, 4111 bytes, 9 tape blocks
# evfsxfr ls -l AG/ME
-rw-r--r-- 1 dlin users 8207 Jul 24 16:19 AG/ME
The file should be 4111 bytes in size, but now it is 8207 bytes with unintelligible content.
2. Backup and restore using an off-line EFS volume.
If the EFS volume can be taken off-line, a simple way to back up the volume is to mount it as
read-only without EFS stacking. For example, if you have an EFS volume /dev/vg00/lvol9,
it is usually mounted as follows:
# mount -o stackfs=sefs /dev/vg00/lvol9 /test
To mount it for backup, you remount it as follows:
# mount -r /dev/vg00/lvol9 /test
At this point, any standard procedures or tools used for backup and restore can be used on
this volume.
3. Backup and restore using the VxFS snapshot or checkpoint.
You can use the snapshot and checkpoint of the Veritas file system to back up encrypted files
and file systems on-line (see Veritas™ File System 5.0 Administrator's Guide HP-UX 11i v3).
Assuming there is an EFS file system mounted on /test:
# mount -F vxfs -o stackfs=sefs /dev/vg00/lvol9 /test
Create a snapshot mount file system on /snap with volume /dev/vg00/lvol10 for backup,
as follows:
# mount -F vxfs -o snapof=/test /dev/vg00/lvol10 /snap
See mount_vxfs(1M) for information on the snapshot mount file system.
View the cleartext content of the encrypted files on this snapshot directory, as follows:
# mount -F vxfs -o stackfs=sefs,snapof=/test /dev/vg00/lvol10 /snap
Create a checkpoint file system on the same /test EFS volume, as follows:
# fsckptadm create test /test
# fsckptadm list /test
Mount the checkpoint file system on /ckpt as read-only for encrypted backup, as follows:
# mount -F vxfs -o ckpt=test /dev/vg00/lvol9:test /ckpt
At this point, any standard procedures or tools used for backup and restore can be used on
this volume. This checkpoint can also be used as a regular EFS volume, as follows:
# mount -F vxfs -o stackfs=sefs,rw,ckpt=test /dev/vg00/lvol9:test /ckpt
To remove this checkpoint:
# fsckptadm remove test /test
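The mount options above decide whether a backup tool reads ciphertext (no EFS stacking, read-only) or cleartext (stackfs=sefs). The following pre-backup check is an added example, not part of the HP guide: it assumes an mnttab-style table ("device mountpoint fstype options ...") that records "ro" and "stackfs=sefs" in the options field, and the /dev/vg00/lvol11 and /raw entry is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the HP guide): classify what a backup tool would
# read from a mount point, based on the mount options used on this page.
# Assumption: mnttab-style lines ("device mountpoint fstype options ...")
# that record "ro" and "stackfs=sefs" in the options field.

# backup_view TABLE_FILE MOUNT_POINT
# Prints one of:
#   ciphertext    read-only, no EFS stacking: backup holds encrypted data
#   cleartext     EFS stacked: files are decrypted on read
#   raw-writable  no stacking but not read-only: do not back up from here
#   not-mounted   mount point not present in the table
backup_view() {
    awk -v mp="$2" '
        $2 == mp {
            found = 1; stacked = 0; ro = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] == "stackfs=sefs") stacked = 1
                if (opt[i] == "ro")           ro = 1
                if (opt[i] ~ /^snapof=/)      ro = 1   # VxFS snapshots are read-only
            }
            if (stacked)  print "cleartext"
            else if (ro)  print "ciphertext"
            else          print "raw-writable"
            exit
        }
        END { if (!found) print "not-mounted" }
    ' "$1"
}

# Constructed sample table using the devices and mount points from this page
# (/dev/vg00/lvol11 on /raw is a hypothetical extra entry).
sample_table() {
    cat <<'EOF'
/dev/vg00/lvol9 /test vxfs stackfs=sefs 0 0
/dev/vg00/lvol10 /snap vxfs ro,snapof=/test 0 0
/dev/vg00/lvol9:test /ckpt vxfs ro,ckpt=test 0 0
/dev/vg00/lvol11 /raw vxfs rw 0 0
EOF
}

# Succeeds only when the backup source yields ciphertext.
require_ciphertext() {
    [ "$(backup_view "$1" "$2")" = "ciphertext" ]
}
```

Call require_ciphertext with the table file and the mount point before starting an encrypted backup, and stop the job if it fails.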