Manualshelf

Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
61626364656667686970
data. Entities writing data to the EVS volume write directly to the underlying disk; EVFS does not
encrypt the text.
CAUTION: Writing data to or reading data from an EVS volume when it is opened for raw access
can cause data corruption. HP recommends that you use this operation only when creating encrypted
backup media or restoring encrypted backup media, as described in “Backing up EVS volumes
(page 78).
Use the following procedure to open raw access to an EVS volume:
1. Disable encrypted and decrypted access to the EVS volume using the evfsvol disable
command, as described in “Disabling encryption and decryption access to EVS volumes
(page 64). You must be the volume owner or an authorized user for the volume to disable the
volume.
2. Enter the evfsvol raw command. The syntax is as follows:
evfsvol raw evfs_volume_path
where:
evfs_volume_path Specifies the absolute pathname for the EVS volume device file,
such as /dev/evfs/vg01/lvol5,
/dev/evfs/vx/dsk/rootdg/vol05, or /dev/evfs/dsk/
c2t0d1.
Closing raw access to EVS volumes
Use the following evfsvol close command to close raw access to a volume. After you close
raw access, you can enable encrypted and decrypted access to the volume using the evfsvol
enable command.
You must be the volume owner or an authorized user for the volume to execute the evfsvol
close command.
evfsvol close evfs_volume_path
where:
evfs_volume_path Specifies the absolute pathname for the EVS volume device file, such as
/dev/evfs/vg01/lvol5, /dev/evfs/vx/dsk/rootdg/vol05,
or /dev/evfs/dsk/c2t0d1.
Managing EVFS keys and users
This section describes the following procedures for managing EVFS keys and users:
“Displaying key IDs for an EVS volume” (page 66)
“Restoring user keys” (page 67)
“Changing owner keys for an EVS volume” (page 68)
“Recovering from problems with owner keys” (page 69)
“Removing keys from an EVS volume” (page 69)
“Removing user keys or stored passphrase from the EVFS key database” (page 69)
“Changing the passphrase for a key” (page 70)
“Creating or changing a stored passphrase for an existing key” (page 70)
Displaying key IDs for an EVS volume
Use the following evfsvol display command to display EMD information for EVS volumes,
including the owner key ID, recovery key IDs, and authorized user key IDs. The evfsvol display
66 Administering EVS