Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
Contents
1 Overview
  EVFS architecture
  Features and benefits
  Supported software
  Product limitations and precautions
2 EVFS data and keys
  EVFS data flow
  Encryption metadata (EMD)
  EVFS encryption keys
    Volume and file encryption keys
    User keys
      Passphrases
        Stored passphrases
    Using HP-UX Trusted Computing Services with EVFS
    How EVFS uses keys
  Key names and key IDs
  User key and passphrase storage
    File names
    Alternate storage databases and distributed key storage
3 EVFS installation
  Prerequisites
  Installing EVFS
  Upgrading to EVFS v2.1
  Uninstalling EVFS
4 Preparing EVFS for configuration
  Verifying for preconfiguration
  Preparation overview
  Step 1: Configuring an alternate EVFS pseudo-user
    Step 1a: Setting the evfs_user attribute
      Example
    Step 1b: Creating the user group
      Example
    Step 1c: Creating the EVFS pseudo-user account
      Example
  Step 2: (Optional) Configuring alternate key database directories
    Syntax for pub_key, priv_key, and pass_key attribute statements
    Key storage directory requirements
    Default pub_key, priv_key and pass_key attribute statements
    Example: Alternate directory for public keys
    Example: NFS directory for public and private keys
  Step 3: (Optional) Modifying EVFS global parameters
  Step 4: Configuring FIPS compliant EVFS
    Step 4a: Configure HP-UX KCM to enable FIPS mode
    Step 4b: Restrict HP-UX EVFS using FIPS qualified cipher suites
  Step 5: Starting the EVFS subsystem
    Example
  Step 6: (Optional) Configuring the autostart feature