Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

II Encrypted Volume System (EVS)
5 EVS keys and user privileges
User privileges and permissions
EVS volume owner keys
Recovery keys
Authorized user keys
Summary of key type and privileged user capabilities
Creating keys
Guidelines for creating user keys
Creating keys for EVS volume owners
Example
Creating recovery keys
Storing the recovery user's private key
Examples
Creating keys for authorized users
Examples
6 Configuring an EVS volume
Configuration overview
Option 1: Creating a new EVS volume
Step 1: Configuring an EVS volume
Step 1a: Creating an LVM or VxVM volume for EVFS
Examples
Step 1b: Creating EVS volume device files
Examples
Step 1c: Creating the EMD
Example
Step 1d: (Optional) Adding recovery keys and authorized user keys
Step 1e: Enabling the EVS volume
Example
Step 2: Creating and mounting a file system on an EVS volume
Step 2a: Creating a new file system with newfs
Example
Step 2b: (Optional) Using fsck to check the file volume
Example
Step 2c: Creating the mount point
Example
Step 2d: Mount the file system on the EVS volume
Example
Step 2e: (Optional) Adding an entry to /etc/fstab
Example
Step 3: Verifying the configuration
evfsadm stat -a
evfsvol display evfs_volume_path
Verifying data encryption
Example
Step 4: (Optional) Migrating existing data to an EVS volume
Example
Step 5: Backing up your configuration
Option 2: Converting a volume with existing data to an EVS volume (inline encryption)
Step 1: Preparing the file system and data
Step 2: Performing inline encryption
iencrypt: Inline encryption
Suspending an ongoing inline encryption
Re-starting a suspended inline encryption