Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
# mv filex filey
# evfsfile list filey
EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-128-cbc
Owner Key ID: jsmith.jsmith
Example 4
The root user in a secure session is allowed to move an encrypted file across different file systems:
# id
uid=0(root) gid=3(sys) groups=0(root),1(other),2(bin),4(adm),5(daemon),6(mail)
# evfsauth login
Enter your key passphrase:
You are entering in a secure session. Use "exit" to end the session.
# evfsfile list /efs/jsmith/file1
EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-128-cbc
Owner Key ID: jsmith.jsmith
# evfsfile list /efstest
EFS directory information:
Data Encryption Cipher: aes-128-cbc
# mv /efs/jsmith/file1 /efstest
# evfsfile list /efstest/file1
EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-128-cbc
Owner Key ID: jsmith.jsmith
# exit
Example 5
When not in a secure session, root is not allowed to move an encrypted file across different file
systems:
# evfsauth display
User key:
Key name: root.root
# exit
# mv /efstest/file1 /efs/jsmith
mv: /efstest/file1: cannot read: Permission denied
The usermod and groupmod commands
The usermod wrapper command modifies the user information in the system by executing the
HP-UX usermod command and updating the EVFS key storage associated with the user.
The user key storage is created based on the login name of the user. Once it is created, it cannot
change. Therefore, if the user already has valid keys, the wrapper usermod command does not
support the -l option to change the user’s login name. If the HP-UX usermod command, which
has no knowledge of user keys, is used to change the login name, the user key and all encrypted
files associated with the user key will become inaccessible, and there will be no user key associated
with the new login name.
NOTE: Do not change the user’s login name once the user has keys.
If the -g option is specified to change the primary group membership of this user and the user key
contains the access information of the primary group, the usermod wrapper command will remove
the group access information from the user key. As a result, the user no longer has access to the
encrypted files belonging to the group. The access information of the new group is not automatically
added to the user key. The key manager must run the evfspkey add -u <username> -g
<groupname> command to add the access information (See Section (page 142)).
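The two usermod cases above (a login-name change for a user who has keys, and a primary-group change that drops group access) can be caught before the account is modified. The following is an added example, not part of this guide or of EVFS: has_evfs_key and EVFS_KEY_DIR are hypothetical stand-ins for however your site determines that a login name has EVFS keys; only the evfspkey add -u/-g command is taken from the text.

```shell
#!/bin/sh
# Added example, not from the EVFS guide: pre-flight check for usermod arguments.
# ASSUMPTION: EVFS_KEY_DIR and has_evfs_key are hypothetical. Replace the test
# with whatever your site uses to decide that a login name has EVFS user keys.
EVFS_KEY_DIR=${EVFS_KEY_DIR:-/path/to/evfs-user-keys}   # placeholder, not a real EVFS path

has_evfs_key() {
    [ -n "$1" ] && [ -e "$EVFS_KEY_DIR/$1" ]
}

# check_usermod ARGS...   (ARGS = the arguments you intend to pass to usermod)
# Returns 0 = no EVFS impact, 1 = refuse (rename), 2 = key manager follow-up needed.
check_usermod() {
    new_login='' new_group='' login='' prev=''
    for arg in "$@"; do
        case $prev in                     # separated form: -l NAME / -g GROUP
            -l) new_login=$arg ;;
            -g) new_group=$arg ;;
        esac
        case $arg in                      # attached form: -lNAME / -gGROUP
            -l?*) new_login=${arg#-l} ;;
            -g?*) new_group=${arg#-g} ;;
        esac
        prev=$arg
        login=$arg                        # usermod takes the login name last
    done

    if ! has_evfs_key "$login"; then
        echo "ok: $login has no EVFS user key"
        return 0
    fi
    if [ -n "$new_login" ]; then
        # Key storage is tied to the login name and cannot follow a rename.
        echo "refuse: $login has EVFS keys; renaming to $new_login would leave the key and its encrypted files inaccessible"
        return 1
    fi
    if [ -n "$new_group" ]; then
        # The new group's access information is not added automatically.
        echo "follow-up: key manager must run: evfspkey add -u $login -g $new_group"
        return 2
    fi
    echo "ok: no login-name or primary-group change requested"
    return 0
}
```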
The groupmod wrapper command modifies the group from the system by executing the HP-UX
groupmod command. The -n option is not supported if the group has valid keys. If HP-UX