Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

Contents
5 EVS keys and user privileges
  User privileges and permissions
  EVS volume owner keys
  Recovery keys
  Authorized user keys
  Summary of key type and privileged user capabilities
  Creating keys
    Guidelines for creating user keys
    Creating keys for EVS volume owners
      Example
    Creating recovery keys
      Storing the recovery user's private key
      Examples
    Creating keys for authorized users
      Examples
6 Configuring an EVS volume
  Configuration overview
  Option 1: Creating a new EVS volume
    Step 1: Configuring an EVS volume
      Step 1a: Creating an LVM or VxVM volume for EVFS
        Examples
      Step 1b: Creating EVS volume device files
        Examples
      Step 1c: Creating the EMD
        Example
      Step 1d: (Optional) Adding recovery keys and authorized user keys
      Step 1e: Enabling the EVS volume
        Example
    Step 2: Creating and mounting a file system on an EVS volume
      Step 2a: Creating a new file system with newfs
        Example
      Step 2b: (Optional) Using fsck to check the file volume
        Example
      Step 2c: Creating the mount point
        Example
      Step 2d: Mount the file system on the EVS volume
        Example
      Step 2e: (Optional) Adding an entry to /etc/fstab
        Example
    Step 3: Verifying the configuration
      evfsadm stat -a
      evfsvol display evfs_volume_path
      Verifying data encryption
        Example
    Step 4: (Optional) Migrating existing data to an EVS volume
      Example
    Step 5: Backing up your configuration
  Option 2: Converting a volume with existing data to an EVS volume (inline encryption)
    Step 1: Preparing the file system and data
    Step 2: Performing inline encryption
      iencrypt: Inline encryption