Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software

151

152

153

154

155

156

157

158

159

160

Key Fingerprint: c1ff371f6d1b15260d2acdefa2d0c4eb593e99e2

Private Key Keywrap: evfs-pbe1

Reset passphrase required: no

Allow passphrase reset by key manger: no

Stored passphrase: no

Problem scenarios

This section describes the following problem scenarios and solutions for the scenarios:

• “evfspkey cannot generate key pairs” (page 153)

• “evfspkey cannot store keys” (page 153)

• “evfsvol cannot retrieve private key” (page 154)

• “evfsvol create fails, EVFS device file not found in evfstab file” (page 154)

• “evfsvol create fails, valid EMD already exists” (page 154)

• “evfsvol disable fails, EVFS volume is busy” (page 155)

• “evfsadm map fails, invalid device” (page 155)

• “EMD Is dirty” (page 155)

• “evfsvol enable fails, EMD backup not found” (page 156)

• “evfsvol cannot create an EVFS volume” (page 157)

evfspkey cannot generate key pairs

Symptom

The evfspkey keygen command fails and evfspkey displays a message similar to the following:

evfspkey: keygen error: cannot generate key pair

Description

The evfspkey utility cannot generate a key pair because no cryptography threads are running.

Solution

Use the evfsadm start command to start the EVFS subsystem and kernel cryptography threads.

evfspkey cannot store keys

Symptom

The evfspkey keygen command fails and evfspkey displays a message similar to the following:

evfspkey: keygen error: cannot store public key "user_name.key_name",

key loading failure

Description

The evfspkey utility cannot store a public key file in the EVFS key database.

Solution

Verify that the account exists for the owner of the key pair. If you are creating a recovery key pair,

verify that the EVFS pseudo-user account exists. The user name for the EVFS pseudo-user is set using

the evfs_user attribute in the file /etc/evfs/evfs.conf. The default name is evfs.

Determine the directories used for the key database by checking the pub_key attribute statement

in the /etc/evfs/evfs.conf file. By default, EVFS stores the user key database in subdirectories

below the /etc/evfs/pkey/users directory. Verify that the attribute statement contains no line

breaks. Verify the file permissions, owner and group for the directories, as described in the section,

“Restoring user keys” (page 67).

Problem scenarios 153