Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
# evfsauth display
You are not in a secure session.
# id
# more file1
file1: Permission denied
/* root user who is in the secure session but cannot read the file */
/* because root is not the owner */
# id
uid=0(root) gid=3(sys) groups=0(root)
# evfsauth display
User key:
Key name: root.root
Recovery key:
Key name: evfs.newkey
# more file1
file1: Permission denied
/* Assign encrypted file to root user */
# evfsfile assign -r /test1/newkey.priv -u root file1
Enter recovery passphrase:
Encrypted file "file1" owner has been successfully changed to "root.root"
/* The user can read the file after the new user key is assigned */
# more file1
this is an encrypted file
/* The owner of the file is now "root" */
# evfsfile list file1
EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-128-cbc
Owner Key ID: root.root
Recovery Key ID: evfs.newkey
Example 5
In this example, the root user disables the EFS recovery key, after which the EVFS subsystem
must be restarted:
/* comment out key name in /etc/evfs/evfs.conf */
# efs_recovery_keyname = newkey
# evfsadm stop
# evfsadm start