Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

Contents
HP secure development lifecycle ... 11
I Encrypted Volume and File System (EVFS) ... 12
  1 Overview ... 14
    EVFS architecture ... 14
    Features and benefits ... 15
    Supported software ... 17
    Product limitations and precautions ... 18
  2 EVFS data and keys ... 21
    EVFS data flow ... 21
    Encryption metadata (EMD) ... 21
    EVFS encryption keys ... 22
      Volume and file encryption keys ... 22
      User keys ... 22
        Passphrases ... 22
          Stored passphrases ... 22
      Using HP-UX Trusted Computing Services with EVFS ... 23
      How EVFS uses keys ... 23
    Key names and key IDs ... 23
    User key and passphrase storage ... 23
      File names ... 24
      Alternate storage databases and distributed key storage ... 24
  3 EVFS installation ... 25
    Prerequisites ... 25
    Installing EVFS ... 25
    Upgrading to EVFS v2.1 ... 26
    Uninstalling EVFS ... 27
  4 Preparing EVFS for configuration ... 28
    Verifying for preconfiguration ... 28
    Preparation overview ... 28
    Step 1: Configuring an alternate EVFS pseudo-user ... 29
      Step 1a: Setting the evfs_user attribute ... 29
        Example ... 29
      Step 1b: Creating the user group ... 29
        Example ... 29
      Step 1c: Creating the EVFS pseudo-user account ... 29
        Example ... 29
    Step 2: (Optional) Configuring alternate key database directories ... 30
      Syntax for pub_key, priv_key, and pass_key attribute statements ... 30
      Key storage directory requirements ... 31
      Default pub_key, priv_key and pass_key attribute statements ... 31
      Example: Alternate directory for public keys ... 32
      Example: NFS directory for public and private keys ... 32
    Step 3: (Optional) Modifying EVFS global parameters ... 32
    Step 4: Configuring FIPS compliant EVFS ... 33
      Step 4a: Configure HP-UX KCM to enable FIPS mode ... 33
      Step 4b: Restrict HP-UX EVFS using FIPS qualified cipher suites ... 33
    Step 5: Starting the EVFS subsystem ... 33
      Example ... 34
    Step 6: (Optional) Configuring the autostart feature ... 34