Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software

121

122

123

124

125

126

127

128

129

130

# cp file1 /efs/encdir

# ll /efs/encdir/file1

-rw-rw-rw- 1 jsmith users 6 Jul 29 10:33 /efs/encdir/file1

# cp file1 /efs/cleardir

cp: file1: is encrypted, but /efs/cleardir is not configured for encryption:

Permission denied

Example 2

In this example, user jsmith who is in a secure session, copies an encrypted file to a regular

directory using the evfsxfr cp. The target file is still encrypted. If the target directory is in the

EFS file system (for example, the file system is mounted to the EFS mapped volume), the user can

access the file as long as the user is in a secure session. If the target directory is not in the EFS file

system, the file becomes inaccessible:

# evfsxfr cp file1 /efs/cleardir

# evfsfile list /efs/cleardir/file1

EFS file information:

EMD Size (Kbytes): 4

Data Encryption Cipher: aes-128-cbc

Owner Key ID: jsmith.jsmith

# more file1

this is a test

# evfsxfr cp file1 /tmp

# more /tmp/file1

M-^PM-zJbM-DM-_M-^? ^A^A^Ao^A-^PM-h1M-^G^Pe^^7M-<Vl$^Q^G=4M-\^D

Example 3

In this example, user jsmith who is in a secure session, copies a clear file into the directory

configured for encryption. The target file becomes encrypted:

# cd /efs/cleardir

# evfsfile list .

evfsfile: list error: "." is not enabled for encryption.

# echo "this is another test" > filea

# evfsfile list filea

evfsfile: list error: "filea" is not an encrypted file.

# cd /efs/jsmith

# evfsfile list .

EFS directory information:

Data Encryption Cipher: aes-128-cbc

# cp /efs/cleardir/filea filea

# evfsfile list filea

EFS file information:

EMD Size (Kbytes): 4

Data Encryption Cipher: aes-128-cbc

Owner Key ID: jsmith.jsmith

# more filea

this is another test

Example 4

After exiting from a secure session, user jsmith is not allowed to copy a clear file into a directory

configured for encryption:

# evfsauth display

User key:

Key name: jsmith.jsmith

# exit

# which cp

/usr/bin/cp

# cd /efs/cleardir

# echo "this is 3rd test" > fileb

# cd /efs/jsmith

# cp /efs/cleardir/fileb .

cp: cannot create ./fileb: Permission denied

The EVFS wrapper commands 121