Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
Enabling encryption and decryption access to EVS volumes
The following evfsvol enable commands enable EVFS encryption and decryption access to
EVS volumes. The EVS volumes must already be configured, as described in “Preparing EVFS for
configuration” (page 28). You can use the evfsvol enable command in the following ways:
• To enable a single EVS volume without a stored passphrase:
evfsvol enable [-k keyname] evfs_volume_path
You must be the volume owner or an authorized user for the volume to execute this command.
• To enable a single EVS volume with a stored passphrase and an entry in the
/etc/evfs/evfstab file:
evfsvol enable -p evfs_volume_path
• To enable EVFS encryption and decryption for all volumes in the file /etc/evfs/evfstab
that include a key ID field:
evfsvol enable -a
where:
-a                 Causes EVFS to enable encryption and decryption for all volumes in the
                   /etc/evfs/evfstab file.
-p                 Causes EVFS to use a stored passphrase to enable encryption and
                   decryption for the named EVS volume. The /etc/evfs/evfstab file
                   must contain an entry for this volume with a key ID field.
-k keyname         Specifies the key name. If you do not specify -k keyname, evfspkey
                   uses the user name as the key name.
                   Valid value: An ASCII string, 1 to 255 characters long.
evfs_volume_path   Specifies the absolute pathname for the EVS volume device file, such as
                   /dev/evfs/vg01/lvol5, /dev/evfs/vx/dsk/rootdg/vol05,
                   or /dev/evfs/dsk/c2t0d1.
Disabling encryption and decryption access to EVS volumes
The evfsvol disable command disables encryption and decryption access to EVS volumes.
The evfsvol disable command fails if a file system is mounted on the EVS volume or if the
EVS volume device file is opened by any process.
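The two failure conditions above can be checked without stopping or unmounting anything. The script below is an added example, not part of the HP guide. It assumes the mount table is readable at /etc/mnttab with the device in the first field and the mount point in the second, and that fuser writes PIDs to standard output. The function names and the MNTTAB and FUSER variables are hypothetical.

```shell
#!/bin/sh
# Added example, not from the HP guide: report what would make
# `evfsvol disable` fail for one EVS volume. Nothing is stopped or unmounted.
# Assumptions: mount-table lines are "device mountpoint ..." (fstab-style)
# and fuser writes PIDs to stdout. MNTTAB and FUSER are hypothetical knobs.
MNTTAB=${MNTTAB:-/etc/mnttab}
FUSER=${FUSER:-fuser}

# Print every mount point whose device field is exactly the given volume.
evs_mountpoints() {
    awk -v dev="$1" '$1 == dev { print $2 }' "$MNTTAB"
}

# Print the PIDs that hold the volume device file open, space separated.
evs_open_pids() {
    set -- $($FUSER "$1" 2>/dev/null)
    echo "$*"
}

# Return 0 if neither blocking condition holds, 1 if blocked, 2 on bad input.
evs_disable_precheck() {
    vol=$1
    case $vol in
        /dev/evfs/*) ;;   # assumption: EVS device files live under /dev/evfs
        *) echo "not an EVS device path: $vol" >&2; return 2 ;;
    esac
    blocked=0
    for mp in $(evs_mountpoints "$vol"); do
        echo "BLOCKED: $vol is mounted on $mp (list users: fuser -cu $mp)"
        blocked=1
    done
    pids=$(evs_open_pids "$vol")
    if [ -n "$pids" ]; then
        echo "BLOCKED: $vol is open in PID(s): $pids"
        blocked=1
    fi
    [ "$blocked" -eq 0 ] && echo "OK: $vol is not mounted and not open"
    return "$blocked"
}

# Run against a volume when one is given on the command line.
if [ $# -gt 0 ]; then evs_disable_precheck "$1"; fi
```
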
Use the following procedure to disable encryption and decryption access to a volume:
1. For data consistency, stop all applications accessing the data. You can use the fuser -cu
command to determine the processes accessing files, and the fuser -cku command to
terminate the processes. For more information, see fuser(1M).
If the data is used by system processes, you might need to terminate the processes by changing
the system runlevel to single-user level with the shutdown utility. For more information, see
the shutdown(1M) manpage.
2. If you have a file system mounted on the EVS volume, use the umount command to unmount
the file system. For more information, see umount(1M).