Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software

4. Use the following command to open the EVS volume for raw access:

evfsvol raw evfs_volume_path

For more information, see “Opening raw access to EVS volumes” (page 65) and the evfsvol(

(1M)) manpage.

CAUTION: After you open the volume for raw access, any entity reading data from the EVS

volume receives encrypted data. Any entity writing data to the EVS volume writes directly to

the underlying disk; EVFS does not encrypt the text. HP recommends that you use the evfsvol

raw command only when creating encrypted backup media or restoring encrypted backup

media.

5. Use the strings utility and try to find the text. The strings utility will not find the text

because it receives data from the EVS volume in encrypted form.

6. Return the EVS volume to a working state. Close raw access using the following command:

evfsvol close evfs_volume_path

Enable the volume using the following command:

evfsvol enable –k keyname evfs_volume_path

Remount the file system using the mount command.

Example

In the following example, the administrator writes the string TOP SECRET TOP SECRET to the

EVS volume. When the administrator uses the strings command to search the EVS volume for

this string, the search is successful. When the administrator searches the underlying LVM volume

for the same string, the search is unsuccessful.

# echo "TOP SECRET TOP SECRET" > /opt/encrypted_data/my_evfs_test

# strings /dev/evfs/vg01/lvol5 | grep "TOP SECRET"

(The strings command finds the string "TOP SECRET" on the EVFS volume.)

TOP SECRET TOP SECRET

(Disable EVFS so we open raw access to the file)

# fuser -cku /opt/encrypted_data

# umount /opt/encrypted_data

# evfsvol disable /dev/evfs/vg01/lvol5

Enter user passphrase: (enter the passphrase)

# evfsvol raw /dev/evfs/vg01/lvol5 (EVFS will print a warning and ask

if you want to continue)

# strings /dev/vg01/lvol5 | grep "TOP SECRET"

(The strings command does not find the string "TOP SECRET")

# evfsvol close /dev/evfs/vg01/lvol5

# evfsvol enable /dev/evfs/vg01/lvol5

Enter user passphrase: (enter the passphrase)

# mount -F vxfs /dev/evfs/vg01/lvol5 /opt/encrypted_data

Step 4: Backing up your configuration

After you have completed your configuration, back up the files and subdirectories under the /etc/

evfs directory.

You must back up the user key database. You cannot re-create lost or corrupt user keys or

passphrases. Determine the directories used for the key database by checking the pkey attribute

statement in the /etc/evfs/evfs.conf file. By default, EVFS stores the user key database in

subdirectories below the /etc/evfs/pkey/users directory.

Examples

This section contains configuration examples for “Option 1” (page 60) and “Option 2” (page 61).

Examples 59