Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software

151

152

153

154

155

156

157

158

159

160

B Product specifications

This appendix contains product specification information, including file names.

User files

EVFS uses the following directories and files for configuration and other runtime data:

• /etc/evfs/emd: Default directory for storing backup EMD data.

• /etc/evfs/evfs.conf: Configuration file for global EVFS parameters, such as the recovery

user name, encryption algorithm for volume data encryption, and directories for the user key

database.

• /etc/evfs/evfs_cryptx.conf: Configuration file for encryption libraries. Do not modify

this file.

• /etc/evfs/evfstab: File containing information about EVFS volumes. The evfsadm

utility adds and deletes entries for EVFS volumes in this file. Administrators need to modify this

file only when configuring the autostart feature.

• /etc/evfs/pkey/users: Default parent directory for the user key database.

• /etc/evfs/pkey/groups: Default parent directory for the group key database.

• /etc/evfs/pkey/users/evfs: Default parent directory for recovery user public keys.

• /etc/rc.config.d/evfs: Global EVFS configuration file read at system startup.

Commands and tools

EVFS provides the following commands:

• Equivalent HP-UX commands: These commands are wrappers for regular HP-UX commands

to enforce encrypted file semantics. These commands are located in /opt/evfs/bin. The

evfsauth and evfsrun commands prepend this path to the PATH environment variable.

• Encrypted file operation evfsfile: Displays and sets parameters for files and directories

encryption.

• Secure session evfsauth: Loads, unloads, and lists user keys.

• Access raw encrypted content evfsxfr: This command is used to access and transfer

encrypted files as is. The examples are backup/restore and ftp.

• Non-interactive secure session evfsrun: Creates an EFS secure session, mostly for auto-boot.

Only the root user can use this command and the user passphrase must to be stored.

• /usr/sbin/evfsadm: Utility for administering EVFS (starting and stopping EVFS), mapping

volumes to EVFS (creating EVFS volume device files), mapping files to EVFS (and load recovery

key), and other administrative tasks.

• /usr/sbin/evfspkey: Utility for creating and managing user keys, group keys, key

manager, and passphrases.

• /usr/sbin/evfsvol: Utility for creating and enabling EVFS file and volumes, displaying

information about EVFS file and volumes, adding user keys to EVFS file and volumes, and

other file and volume management tasks.

EVFS provides the following startup and shutdown scripts:

• /sbin/init.d/evfs_local: Startup and shutdown script for enabling and disabling EVFS

volumes that have key information stored on the root disk of the local system.

• /sbin/init.d/evfs_local2: Startup and shutdown script for enabling and disabling

EVFS volumes that have key information stored on a nonroot disk of the local system.

• /sbin/init.d/evfs_remote: Startup and shutdown script for enabling and disabling

EVFS volumes that have key information stored on a remote system.

User files 159