Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
evfs_volume_path Specifies the absolute pathname for the EVS volume device file,
such as /dev/evfs/vg01/lvol5,
/dev/evfs/vx/dsk/rootdg/vol05, or /dev/evfs/dsk/
c2t0d1.
You must be the owner of the EVS volume to add a recovery key. If you do not have a stored
passphrase for the owner key, evfsvol prompts you for the passphrase.
Example
The following command adds the default recovery key to the /dev/evfs/vg01/lvol5
volume. The default recovery key owner and key name is evfs.
# evfsvol add -r /dev/evfs/vg01/lvol5
Enter owner passphrase:
(Enter the passphrase for the recovery key evfs.)
Key "evfs.evfs" has been successfully added to encrypted volume
"/dev/evfs/vg01/lvol5".
ii. Use the following command to add authorized user key pairs for the EVS volume. Authorized
users can perform all the operations on the EVS volume that the owner can, except changing
the EVS volume owner, adding keys to the volume, and destroying the EMD.
evfsvol add -u user [-k keyname] evfs_volume_path
where:
-k keyname Specifies the name of the key to add. If you do not specify -k
keyname, evfsvol uses your user name as the key name.
evfs_volume_path Specifies the absolute pathname for the EVS volume device file,
such as /dev/evfs/vg01/lvol5,
/dev/evfs/vx/dsk/rootdg/vol05, or /dev/evfs/rdsk/
c2t0d1.
You must be the owner of the EVS volume to add an authorized user key. If you do not have
a stored passphrase for the owner's private key, evfsvol prompts you for the passphrase.
Example
In the following example, the EVS volume owner adds an authorized user key pair to the EMD:
# evfsvol add -u init -k initkey /dev/evfs/vg01/lvol5
Enter owner passphrase:
(Enter the passphrase for the owner's key.)
Key ID "init.initkey" has been successfully added to encrypted volume
"/dev/evfs/vg01/lvol5"
Step 1e: Enabling the EVS volume
Use the evfsvol enable command to enable encryption and decryption access for the EVS
volume:
evfsvol enable [-p]|[-k keyname] evfs_volume_path
where:
-p Specifies non-interactive mode. EVFS uses the key ID from the /etc/
evfs/evfstab file and uses a stored passphrase. To use this option,
you must add a key ID to the entry in the /etc/evfs/evfstab file
for this volume and have a stored passphrase for the private key. If you
do not specify this option, evfsvol prompts you for the passphrase for
the private key.
-k keyname Specifies the name of the key pair to use. This must be the owner key
or the key of an authorized user for this EVS volume. If you do not specify
-k keyname, evfsvol uses your user name as the key name.
Option 1: Creating a new EVS volume 49