Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
The exported key stored in standard PKCS12 or PEM format can be shared with other applications
which recognize the format. For example:
# openssl pkcs12 -in keyout -nodes
Enter Import Password:
MAC verified OK
Bag Attributes
localKeyID: 74 BD C2 F7 DD CA EC A2 D0 17 D2 C4 30 15 97 3C E9 FE 40 FF
subject=/C=US/ST=dummyState/O=dummyOrg/CN=dummyUrl
issuer=/C=US/ST=dummyState/O=dummyOrg/CN=dummyUrl
-----BEGIN CERTIFICATE-----
MIICbDCCAZUCAQAwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxCzAJBgNV
BAgTAkNBMQ0wCwYDVQQKEwRmYWtlMRUwEwYDVQQDEwx3d3cuZmFrZS5jb20wHhcN
MDgwNzExMTcwODE3WhcNMDgwNzEyMTcwODE3WjBAMQswCQYDVQQGEwJVUzELMAkG
A1UECBMCQ0ExDTALBgNVBAoTBGZha2UxFTATBgNVBAMTDHd3dy5mYWtlLmNvbTCB
3DANBgkqhkiG9w0BAQEFAAOBygAwgcYCgcAjoBAAB2hNNwQ002P/6bfSntgi8puj
0ZZKyGBr9C05w3X4mGfdsheUhRwSLgKl/S7PZa3xIdYozw1Zhi5WXQAa6HApgfVX
OjGMMreMURyNGJUnV675d+gSaQR6O5+ySjH+6KYjHlRsQxhabS9tAeGMyOKRjj90
mdFDn22TAgRNKNSEkKWTcotbGXuF4gX6LsVkJQKss7XNOG0HIjzh+6XCMXu+PEoR
onb8JISXY40DKKotBLPkvi7tE/0CuWbYhi8CAREwDQYJKoZIhvcNAQEFBQADgcEA
D1Twd03Qm9WtCttAl3WDS1rjIRRZ0nm6GwjUIlOJFBImhCYCWwL9j5g89cb8kBZg
ukZVrnx5ktoSe/3jFAgKn2OxDrIT16BolYASLcDUZWLc8Prb1iKfPC1oXsidqBw8
XP2ZW2U2ax7xkzE4BNJCql83l6RZd6mhdFwRm4fL5GzsjOnd/alUTEj0OBlX3w2O
hxp/4FRpvJc2ioifEg7uRxKADX/NUkILZwzz3JzZ/XrN1fwdXS2b+7vdFzjbnliH
-----END CERTIFICATE-----
Bag Attributes
localKeyID: 74 BD C2 F7 DD CA EC A2 D0 17 D2 C4 30 15 97 3C E9 FE 40 FF
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
MIIDdgIBAAKBwCOgEAAHaE03BDTTY//pt9Ke2CLym6PRlkrIYGv0LTnDdfiYZ92y
F5SFHBIuAqX9Ls9lrfEh1ijPDVmGLlZdABrocCmB9Vc6MYwyt4xRHI0YlSdXrvl3
6BJpBHo7n7JKMf7opiMeVGxDGFptL20B4YzI4pGOP3SZ0UOfbZMCBE0o1ISQpZNy
i1sZe4XiBfouxWQlAqyztc04bQciPOH7pcIxe748ShGidvwkhJdjjQMoqi0Es+S+
Lu0T/QK5ZtiGLwIBEQKBwA6rUeHk7rZh8qxXCw8F4keq0XfNTyVWTPGdzVmgx1QF
MJOKDKaUoEw2z1LHprzRqdztofngwZhVQbtzfH3qDxojeXqAzm82FGbntP2Kz4Vk
eabJwITXBTTB1KrNQcHiUINxFanDtdByKN2lQuJMB5NtsTpFkTXIeDpGVJ4FCkDo
qCN4n1uzOj0kKwJvR1FXk41MDwuA+UJLlXB5jdCIz++oTev0MWGWQIJb14QDuCLt
eWk4pdPqt2sPpAGpdguZGQJgV7ERdNFmGUw5zEHurBGQwgt3cD2MKCwT+tyk5cSd
CCUopeSM0hnJ9d5E2xYwO70Dw0PG8ok9hN4u7/FFw4fB4Ua2EUvuxYAnExBnxSUZ
wFNWUxgjhir4NxrEesrKn0C9AmBoAGASA+uh4Z/hmed2yfVAILy4XpvJ0AcEYR+/
w3LwhYE/YpW+EzP1URdbvZZCCskAljvCzK05oq6YUufa3n0tLXYmw+NfIyD1oshI
fo+AS3Yjh4/uNJ3WihfxnDRmP1sCYEg3d8mdYyPka9VjeUJo0ZC+JiAyr6icxSjx
8TWw+cp49Exh3WG64o4+kw7G+ouMma/ddqmeMqmn6ms/KmTKJzH9/1mJ07G01OKF
+xrTQmImg1N9Sm59vVqOg7BqxPueuQJgMPEeJphu4sSHeTld3Yw3LTyVC3fQ13D0
PkvStJg2FtVp/7XsHTY2kY+ShYZk08jXD1XBxRUGOT1/Vr2aSOEr2QZVt+O2SuNa
zfJAIh1wtNg3mD/LQuuVkiLeF1iRIQ7BAmAKA9lp5mnyrPDPRP+RgkPrnXRSdkz+
qjurW7EUEj3nV0hNgNVnv2ab75UGGwiaA5/Zi29odGISLfYCA9YzlmzE5UjFm96u
pwutExRHtqDjf72MhkyL2vB7s5HoTlTuzKI=
-----END RSA PRIVATE KEY-----
Importing a user key
The key manager or the key owner can import a user key from a file. This is the opposite operation
to exporting a user key. Therefore, the passphrase which protects the file is requested first, then
the passphrase to protect the private key is requested. The file must contain the key in PKCS12 or
PEM format. By default, the evfspkey import command assumes the key file is in PKCS12
format. If it is in PEM format, you need to specify the -F pem option in the command line.
The following options are valid only for the key manager:
-u <username> Specifies the user name.
-r Specifies that it is a recovery key.
The following options are valid for the key manager and the regular users:
-k <keyname> Specifies the key name to import.
Managing a user key 137