Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software

command also displays operating parameters for the EVS volume, including the volume encryption

algorithm and the underlying LVM, VxVM, or physical volume device file name.

Syntax

evfsvol display [-a|evfs_volume_path]

where:

-a Displays the EMD information for all configured EVS volumes.

-evfs_volume_path Specifies the absolute pathname for the EVS volume device file, such

as /dev/evfs/vg01/lvol5,

/dev/evfs/vx/dsk/rootdg/vol05, or /dev/evfs/dsk/

c2t0d1. The evfsvol utility displays the EMD information for the

volume.

Example

The output for the evfsvol display evfs_volume_path is similar to the following:

# evfsvol display /dev/evfs/vg01/lvol5

EVFS Volume Name: /dev/evfs/vg01/lvol5

Mapped Volume Name: /dev/vg01/lvol5

EVFS Volume State: enabled

EMD Size (Kbytes): 520

Max User Envelopes: 1024

Data Encryption Cipher: aes-128-cbc

Digest: sha2

Owner Key ID: root.rootkey1

Recovery Agent Key IDs: evfs.evfs

Total Recovery Agent Keys: 1

User Key IDs: root.admink

Total User Keys: 1

The Owner Key ID, Recovery Agent Key IDs, and User Key IDs fields show the key

IDs configured for the volume.

Restoring user keys

Use the following procedure to restore user key files from backup media:

1. Verify the directory structure for the key database, and re-create it if necessary. By default,

EVFS stores the user key database in subdirectories below the /etc/evfs/pkey/users

directory, with a subdirectory for each user. The administrator can configure alternate database

directory or directories using the pkey attribute in the /etc/evfs/evfs.conf file.

HP recommends that the primary directory is writable only by superusers. For example, the

/etc/evfs/pkey directory is installed with the following permissions, owner, and group:

drwxr-xr-x 4 bin bin 96 Mar 16 17:26 pkey

You must create the directory users as a subdirectory of the directory configured with pkey

attributes. By default when the first user key is created, EVFS automatically creates the

/etc/evfs/pkey/users directory with the following permissions, owner, and group:

drwxr-xr-x 4 root sys 96 Aug 16 17:26 users

Make sure that the users directory is in place before you can create subdirectories for each

user.

2. Create the appropriate directory for each user, such as /etc/evfs/pkey/users/root.

Each directory must have the following permissions, owner, and group:

drwxr-xr-x 2 user sys 96 Mar 16 17:27 user

3. Create a directory to store the recovery keys. If you are using the default name for the EVFS

pseudo-user account and the default key storage directory, create the /etc/evfs/pkey/

Managing EVFS keys and users 67