Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

the key manager’s passphrase once. The file contains all the groups to be created; the group names
are specified one group per line.
Example
In this example, the grpfile file contains the following:
# more grpfile
lgrp1
lgrp2
testgrp
The key manager can create all those groups as follows:
# evfspkey keygen -f grpfile
Enter key manager's passphrase:
Public/Private key pair "lgrp1.lgrp1" has been successfully generated.
lgrp1:
group access key has been added into user "luser1" key record.
group access key has been added into user "luser3" key record.
group access key has been added into user "luser2" key record.
Public/Private key pair "lgrp2.lgrp2" has been successfully generated.
lgrp2:
group access key has been added into user "luser4" key record.
group access key has been added into user "luser5" key record.
group access key has been added into user "lusera" key record.
Public/Private key pair "testgrp.testgrp" has been successfully generated.
The key manager uses the following options to create group keys:
-g <groupname>  Specifies the group name.
-c <cipher>     Specifies the type of key.
-f <filename>   Specifies a file that contains all the groups to be created, one group per line.
-n              Does not add the group access key to its members.
Displaying group key information
Unlike user keys, group keys have less information to display. Anyone can display any group key
information using the evfspkey lookup command with the -g option, as follows:
# id
uid=100(evfs) gid=200(evfs)
# evfspkey lookup -g lgrp1
Key ID: lgrp1.lgrp1
Key Cipher: rsa-2048
Key Fingerprint: 56:b5:ef:d6:b4:b4:fe:c5:3f:39:fc:82:08:11:03:df:01:42:3e:65
The only valid option to display group key information is -g <groupname>. If the -g option is
not specified, the default is to display the user key information.
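The lookup output can be checked against a cipher and fingerprint recorded when the group key was created. The shell functions below are an added example, not part of this guide or of EVFS; the names lookup_field, verify_group_key, sample_lookup and PINNED_FP are hypothetical, and the script assumes the three-line output layout shown above and that group key IDs read <group>.<group>.

```shell
#!/bin/sh
# Added example, not from the guide: compare `evfspkey lookup -g <group>`
# output with a cipher and fingerprint recorded out of band.

# lookup_field NAME: print the value of the "NAME: value" line on stdin.
lookup_field() {
    awk -v name="$1" '
        index($0, name ":") == 1 {
            val = substr($0, length(name) + 2)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            print val; found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# verify_group_key GROUP CIPHER FINGERPRINT  (lookup output on stdin)
# Returns 0 on match, 1 on mismatch, 2 if the output cannot be parsed.
verify_group_key() {
    grp=$1; want_cipher=$2
    want_fp=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    out=$(cat)
    id=$(printf '%s\n' "$out" | lookup_field "Key ID") || return 2
    cipher=$(printf '%s\n' "$out" | lookup_field "Key Cipher") || return 2
    fp=$(printf '%s\n' "$out" | lookup_field "Key Fingerprint") || return 2
    fp=$(printf '%s' "$fp" | tr 'A-F' 'a-f')
    # Reject anything that is not colon-separated hex byte pairs.
    printf '%s\n' "$fp" | grep -Eq '^[0-9a-f]{2}(:[0-9a-f]{2})+$' || return 2
    # Assumption from the guide's sample output: key IDs read <group>.<group>.
    [ "$id" = "$grp.$grp" ] || { echo "$grp: unexpected key ID $id" >&2; return 1; }
    [ "$cipher" = "$want_cipher" ] || { echo "$grp: cipher is $cipher" >&2; return 1; }
    [ "$fp" = "$want_fp" ] || { echo "$grp: fingerprint mismatch" >&2; return 1; }
    echo "$grp: key matches recorded cipher and fingerprint"
}

# Sample input: the lookup output shown in the guide, embedded for offline use.
sample_lookup() {
    cat <<'EOF'
Key ID: lgrp1.lgrp1
Key Cipher: rsa-2048
Key Fingerprint: 56:b5:ef:d6:b4:b4:fe:c5:3f:39:fc:82:08:11:03:df:01:42:3e:65
EOF
}

PINNED_FP=56:b5:ef:d6:b4:b4:fe:c5:3f:39:fc:82:08:11:03:df:01:42:3e:65
sample_lookup | verify_group_key lgrp1 rsa-2048 "$PINNED_FP"
# Live system: evfspkey lookup -g lgrp1 | verify_group_key lgrp1 rsa-2048 "$PINNED_FP"
```

A return value of 2 means the output did not have the expected fields, which should be treated as a failed check rather than ignored.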
Exporting group key information
Only the key manager can export a group key. As with exporting a user key, the key manager’s
passphrase is required to access the group key. The evfspkey export command then requires
a passphrase to protect the file, as follows:
# id
uid=100(keymgr) gid=20(users)
# evfspkey export -f keyout -g testgrp
Enter key manager's passphrase:
Enter passphrase to protect file keyout:
Re-enter passphrase to protect file keyout:
Export key pair testgrp.testgrp to keyout successfully