Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

# evfspkey add -u jsmith -g users
Enter key manager's passphrase:
The "users" group access key was successfully added to the user "jsmith" key record.
# evfspkey lookup -u jsmith
Key ID: jsmith.jsmith
Key Cipher: rsa-2048
Key Fingerprint: 6c:a8:6a:5f:77:d1:d5:9c:b9:c3:11:1c:86:0e:a5:e1:e3:79:de:94
Private Key Keywrap: evfs-pbe1
Group access: users
Reset passphrase required: yes
Allow passphrase reset by key manger: no
Stored passphrase: no
Because the users group is not the primary group of the userc user, the key manager is not
allowed to grant userc access to the users group:
# evfspkey keygen -u userc
Enter passphrase:
Re-enter passphrase:
Public/Private key pair "userc.userc" has been successfully generated.
# evfspkey add -u userc -g users
evfspkey: add error: user userc's primary group does not exist (gid = 120).
Removing a member from a group key
When a group key is deleted, the group access key is automatically removed from the key records
of its members. Without deleting the group key, the key manager can run the evfspkey delete
-u <username> -g <groupname> command to remove the group access key from its members.
For this specific operation, both -u and -g options must be specified with the evfspkey delete
command. If only the -u option is specified, the command will delete the entire user key. If only
the -g option is specified, the entire group key will be deleted. A user may have multiple keys.
The user key with the default key name (for example, key ID = username.username) is the one
from which the group access information is removed.
Examples
In this example, the key manager deletes the group key of the users group. The group access key
is also deleted from the key records of its members, as follows:
# evfspkey delete -g users
Caution: Are you sure you want to delete the "users.users" public/private key pair?
If you proceed with this operation, the files for the group members will not be sharable.
Answer [yes/no]:yes
users:
Group access key has been removed from user "usera" key record.
Group access key has been removed from user "userb" key record.
Group access key has been removed from user "jsmith" key record.
Public/Private key pair "users.users" has been successfully deleted.
The newgrp group is the primary group of the userd user. The key manager removes the group
access from userd, as follows:
# evfspkey lookup -u userd
Key ID: userd.userd
Key Cipher: rsa-2048
Key Fingerprint: 61:ab:ee:8c:80:9c:bc:f0:68:48:08:af:0b:43:86:0c:ba:20:64:74
Private Key Keywrap: evfs-pbe1
Group access: newgrp
Reset passphrase required: yes
Allow passphrase reset by key manger: no
Stored passphrase: no
# evfspkey delete -u userd -g newgrp
Enter key manager's passphrase:
The "newgrp" group access key was successfully removed from the user "userd" key record.
# evfspkey lookup -u userd
Key ID: userd.userd
Key Cipher: rsa-2048
Key Fingerprint: 61:ab:ee:8c:80:9c:bc:f0:68:48:08:af:0b:43:86:0c:ba:20:64:74
Private Key Keywrap: evfs-pbe1
Reset passphrase required: yes
Allow passphrase reset by key manger: no
Stored passphrase: no
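Because omitting -u or -g changes evfspkey delete from a member removal into deletion of an entire key, the following added example (not part of the guide) classifies an invocation before running it and checks lookup output afterward. The function names are hypothetical, and the parser assumes the single-line "Group access:" field shown in the sample output above.

```shell
#!/bin/sh
# Added example, not from the guide. All function names are hypothetical.

# Report what "evfspkey delete <options>" would remove, per the rules above:
# -u and -g together: one member's group access; -u alone: the entire
# user key; -g alone: the entire group key.
delete_scope() {
    _u= _g=
    OPTIND=1
    while getopts u:g: opt "$@"; do
        case $opt in
            u) _u=$OPTARG ;;
            g) _g=$OPTARG ;;
            *) echo invalid; return 2 ;;
        esac
    done
    if [ -n "$_u" ] && [ -n "$_g" ]; then echo group-access
    elif [ -n "$_u" ]; then echo user-key
    elif [ -n "$_g" ]; then echo group-key
    else echo invalid; return 2
    fi
}

# Run the delete only when it is scoped to a single member's group access.
remove_member() {
    [ "$(delete_scope "$@" 2>/dev/null)" = group-access ] || {
        echo "refusing: member removal needs both -u and -g" >&2
        return 1
    }
    evfspkey delete "$@"
}

# Print the "Group access:" value from "evfspkey lookup" output on stdin.
# Assumes the single-line field layout shown in the guide's sample output.
group_access() { sed -n 's/^Group access:[[:space:]]*//p'; }

# Succeed only if the record on stdin no longer lists group $1.
access_removed() { ! group_access | grep -qxF -- "$1"; }

# Abridged userd records from the guide's lookup output, before and after.
sample_before() { printf '%s\n' 'Key ID: userd.userd' \
    'Private Key Keywrap: evfs-pbe1' 'Group access: newgrp' \
    'Reset passphrase required: yes'; }
sample_after() { printf '%s\n' 'Key ID: userd.userd' \
    'Private Key Keywrap: evfs-pbe1' 'Reset passphrase required: yes'; }
```

On a live system, pipe `evfspkey lookup -u <username>` into `access_removed <groupname>` after the delete to confirm the key record no longer carries the group access.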