Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software

5. Use the strings utility and try to find the text. The strings utility will not find the text

because it receives data from the EVS volume in encrypted form.

6. Return the EVS volume to a working state. Close raw access using the following command:

evfsvol close evfs_volume_path

Enable the volume using the following command:

evfsvol enable –k keyname evfs_volume_path

Remount the file system using the mount command.

Example

In the following example, the administrator writes the string TOP SECRET TOP SECRET to the

EVS volume. When the administrator uses the strings command to search the EVS volume for

this string, the search is successful. When the administrator searches the underlying LVM volume

for the same string, the search is unsuccessful.

# echo "TOP SECRET TOP SECRET" > /opt/encrypted_data/my_evfs_test

# strings /dev/evfs/vg01/lvol5 | grep "TOP SECRET"

(The strings command finds the string "TOP SECRET" on the EVS volume.)

TOP SECRET TOP SECRET

(Disable EVFS so we open raw access to the file)

# fuser -cku /opt/encrypted_data

# umount /opt/encrypted_data

# evfsvol disable /dev/evfs/vg01/lvol5

Enter user passphrase: (enter the passphrase)

# evfsvol raw /dev/evfs/vg01/lvol5 (EVFS will print a warning and ask

if you want to continue)

# strings /dev/vg01/lvol5 | grep "TOP SECRET"

(The strings command does not find the string "TOP SECRET")

# evfsvol close /dev/evfs/vg01/lvol5

# evfsvol enable /dev/evfs/vg01/lvol5

Enter user passphrase: (enter the passphrase)

# mount -F vxfs /dev/evfs/vg01/lvol5 /opt/encrypted_data

Step 4: (Optional) Migrating existing data to an EVS volume

Use the following procedure to migrate an existing directory of data to the EVS volume:

a. For data consistency, stop all applications accessing the data. You can use the fuser -cu

command to determine the processes accessing files, and the fuser -cku command to

terminate the processes. For more information, see fuser(1M).

If the data is used by system processes, you might need to terminate the processes by changing

the system runlevel to single-user level with the shutdown utility. For more information, see

shutdown(1M).

b. (Optional) Create a backup of the existing data.

c. Use the cp command or other utility to copy the data from the existing files to an EVS volume.

d. (Optional) Remove the old files or directories. If you migrated all the data from a file system,

you can unmount the old file system. For more information, see umount(1M).

e. (Optional) If you unmounted a file system in the previous step, remove the entry for the file

system from the /etc/fstab file.

f. (Optional) Use the ln command to create a symbolic link from the old directory to the

appropriate directory on the encrypted volume. For more information, see ln(4).

g. Restart applications that use the data as needed.

Example

In the following example, the /opt/encrypted_data directory is located on an EVS volume

has already been created and enabled.

54 Configuring an EVS volume