Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

Digest                     The algorithm used to create a message digest value for the EMD, such as Secure Hash Algorithm 1 (SHA-1/SHA-2). EVFS uses the message digest value and other information to verify the contents of the EMD.
Owner Key ID               Owner key ID for the volume, in the format user_name.key_name.
Recovery Agent Key IDs     Recovery keys configured for the volume, in the format user_name.key_name.
Total Recovery Agent Keys  Total number of recovery key pairs configured for the volume. The maximum is 2.
User Key IDs               User keys configured for the volume, in the format user_name.key_name.
Total User Keys            Total number of user key pairs configured.
Verifying the EMD (evfsvol check)
The evfsvol check command verifies the integrity of the EMD for an encrypted volume. You
must disable the EVFS volumes you want to check before executing the evfsvol check command.
If the verification fails, you can use the evfsvol restore command to restore the previous
version of the EMD. For more information, see “Recovering from EMD corruption” (page 71).
Syntax
evfsvol check -a|evfs_volume_path
where:
-a                Checks the EMD for all EVFS volumes in the /etc/evfs/evfstab file.
evfs_volume_path  Specifies the absolute pathname for the EVFS volume device file, such as /dev/evfs/vg01/lvol5, /dev/evfs/vx/dsk/rootdg/vol05, or /dev/evfs/dsk/c2t0d1. The evfsvol utility verifies the EMD for the volume. EVFS must be disabled for the volume.
Example
In the following example, the user verifies the EMD for the /dev/evfs/vg01/lvol5 volume:
# evfsvol check /dev/evfs/vg01/lvol5
Encrypted volume "/dev/evfs/vg01/lvol5" status: OK
Encrypted volume "lvol5" has been successfully checked.
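The following shell function is an added example, not part of the HP guide. It summarizes evfsvol check output so a maintenance script can flag volumes that may need evfsvol restore. It assumes a failed check prints the same status line with a word other than OK (the guide shows only the OK case); the function names and the non-OK sample line are constructed.

```sh
#!/bin/sh
# Added example: summarize `evfsvol check` output read from stdin.
# Typical use on a host with EVFS, volumes already disabled:
#   evfsvol check -a 2>&1 | emd_check_report || echo "see evfsvol restore"

# Prints one line per status line seen: "OK <vol>" or "FAILED <vol> (...)".
# Returns 0 if every volume reported OK, 1 if any did not,
# 2 if no status line was found at all (the command probably did not run).
emd_check_report() {
    awk '
        /^Encrypted volume ".*" status: / {
            n++
            vol = $0
            sub(/^Encrypted volume "/, "", vol)   # drop the fixed prefix
            status = vol
            sub(/" status: .*$/, "", vol)         # keep only the device path
            sub(/^.*" status: /, "", status)      # keep only the status word
            if (status == "OK") {
                print "OK      " vol
            } else {
                bad++
                print "FAILED  " vol " (status: " status ")"
            }
        }
        END {
            if (n == 0) { print "NO-STATUS  no status line found"; exit 2 }
            exit (bad > 0)
        }
    '
}

# Constructed sample input. The first two lines match the guide's example;
# the third is hypothetical (PLACEHOLDER_NOT_OK is not a real EVFS status word).
sample_output() {
    cat <<'EOF'
Encrypted volume "/dev/evfs/vg01/lvol5" status: OK
Encrypted volume "lvol5" has been successfully checked.
Encrypted volume "/dev/evfs/vg01/lvol6" status: PLACEHOLDER_NOT_OK
EOF
}
```

Treating a missing status line as its own failure (return code 2) keeps a script from reporting success when evfsvol did not run or its output was lost.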
Verifying user keys (evfspkey lookup)
The evfspkey lookup command retrieves key pairs from the key storage database and displays
information about the keys, such as the encryption algorithm.
Syntax
evfspkey lookup [-u user|-r] [-k keyname]
where:
-u user     Specifies the user name of the key owner. If you do not specify -u user, evfspkey uses your user name as the key owner. You must have superuser or the appropriate privileges to look up a key pair for another user.
-r          Causes evfspkey to display information about the recovery user key pair.
-k keyname  Specifies the key name. If you do not specify -k keyname, evfspkey uses the user name as the key name.
Example
In the following example, the user verifies that the key rootkey1 exists for the root user.
# evfspkey lookup -u root -k rootkey1
Key ID: root.rootkey1
Key Cipher: rsa-2048