Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
for an authorized user and creating the passphrase file for the authorized user key pair instead
of the owner key pair.
• To create encrypted backup media on a tape device, a user must have an authorized user
key pair for the volume. (The user must execute the evfsvol disable command as part of
the backup procedure, which requires an EVFS authorized user key or owner key pair.)
Creating and configuring an authorized user key pair will enable a non-owner to create
encrypted backup media.
• You can create multiple key pairs for each user. For example, if a user is the owner of multiple
EVS volumes, you can create a unique key pair for each volume that the user owns.
Creating keys for EVS volume owners
Use the following evfspkey keygen command to create key pairs for EVS volume owners:
evfspkey keygen [-r | [-p [-u user] | -s [-u user]]] [-c cipher] [-k keyname] [-m keywrap]
where:
-p Causes evfspkey to prompt for a passphrase. The evfspkey utility prompts you
for a passphrase and stores the passphrase in an encrypted file. The passphrase
must contain at least eight characters.
CAUTION: A stored passphrase enables you to use the EVFS autostart feature,
but it is a security risk.
-s Causes evfspkey to generate a passphrase automatically. The evfspkey utility
generates a passphrase for you and stores the passphrase in an encrypted file.
-c cipher Specifies the type of public/private (cipher) keys to create.
Valid values:
rsa-1024 (RSA 1024-bit keys)
rsa-1536 (RSA 1536-bit keys)
rsa-2048 (RSA 2048-bit keys)
Default for PA: rsa-1536
Default for IA: rsa-2048
-u user Specifies the user name of the key owner. If you do not specify -u user,
evfspkey uses your user name as the key owner. You must have superuser
privileges or the appropriate privileges to create a key pair for another user.
-k keyname Specifies the key name. If you do not specify -k keyname, evfspkey uses the
user name as the key name.
Valid value: An ASCII string, 1 to 255 characters long.
-m keywrap Specifies the module used to decrypt or encrypt private keys.
NOTE: Do not use the -s option when creating a key pair for an EVS volume owner. The -s
option does not prompt for a passphrase. It automatically generates the passphrase, so there is
no way for you to know the passphrase. You must know the owner key's passphrase when creating
an EVS volume.
Example
In the following example, the root user creates a key with the rootkey1 key name:
# evfspkey keygen -k rootkey1
Enter passphrase:(enter a passphrase)
Re-enter passphrase:(re-enter the passphrase to confirm it)
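When key pairs are provisioned by script for several users or volumes, it helps to validate the evfspkey keygen arguments against the constraints in the option table before anything runs. The following POSIX shell function is an added example, not part of the HP guide or the EVFS product: it builds the command line, accepts only the documented -c values and a 1 to 255 character ASCII key name, and refuses -s for an owner key as the NOTE above requires. The EVFSPKEY_BIN path and the role/mode words are assumptions; the function prints the command instead of executing it.

```shell
#!/bin/sh
# Added example (not HP's code): assemble and sanity-check an
# "evfspkey keygen" command line for scripted key provisioning.
EVFSPKEY_BIN="${EVFSPKEY_BIN:-/usr/sbin/evfspkey}"   # assumed install path

# Usage: evfs_keygen_cmd ROLE USER KEYNAME CIPHER MODE
#   ROLE   owner | user      (volume owner or authorized user key pair)
#   MODE   prompt | auto     (prompt -> -p, auto -> -s)
# Prints the command line on success; returns 2 on a bad argument.
evfs_keygen_cmd() {
    role=$1 user=$2 keyname=$3 cipher=$4 mode=$5
    case "$cipher" in
        rsa-1024|rsa-1536|rsa-2048) ;;              # documented -c values
        *) echo "bad cipher: $cipher" >&2; return 2 ;;
    esac
    # -k keyname: ASCII string, 1 to 255 characters. Whitespace and
    # non-printable bytes are rejected here so the command line stays
    # unambiguous (stricter than the guide's wording; an assumption).
    len=${#keyname}
    if [ "$len" -lt 1 ] || [ "$len" -gt 255 ]; then
        echo "bad keyname length: $len" >&2; return 2
    fi
    case "$keyname" in
        *[!A-Za-z0-9_.@-]*) echo "bad keyname chars" >&2; return 2 ;;
    esac
    case "$mode" in
        prompt) opt=-p ;;
        auto)   opt=-s ;;
        *) echo "bad mode: $mode" >&2; return 2 ;;
    esac
    # Owner keys must not use -s: the passphrase must be known when the
    # EVS volume is created, and -s never reveals it.
    if [ "$role" = owner ] && [ "$opt" = -s ]; then
        echo "owner key pairs must use a prompted passphrase (-p)" >&2
        return 2
    fi
    case "$role" in
        owner|user) ;;
        *) echo "bad role: $role" >&2; return 2 ;;
    esac
    printf '%s keygen %s -u %s -c %s -k %s\n' \
        "$EVFSPKEY_BIN" "$opt" "$user" "$cipher" "$keyname"
}
```

Run the printed command as root (or with the required privileges) once it has been reviewed; a prompted owner key still asks for the passphrase interactively.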
42 EVS keys and user privileges