Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

in “Creating recovery keys” (page 43). The procedure for adding a recovery key to an EVS volume
is described in “Step 1d: (Optional) Adding recovery keys and authorized user keys” (page 48).)
evfsvol assign -u newowner [-r recoveryprivkeyfile] [-k keyname] evfs_volume_path
where:
-u newowner
    Specifies the name of the new owner for the EVS volume.
-r recoveryprivkeyfile
    Specifies the name of the file containing the private key that
    corresponds to a recovery user's key in the EMD. If you do not
    specify this option, you must be the EVS volume owner to
    execute this command; evfsvol prompts you for the
    passphrase for the owner's key.
-k keyname
    Specifies the key pair name for the new owner. If you do not
    specify this option or the -r option, evfsvol uses the owner's
    user name as the key pair name.
evfs_volume_path
    Specifies the absolute pathname for the EVS volume device
    file, such as /dev/evfs/vg01/lvol5,
    /dev/evfs/vx/dsk/rootdg/vol05, or
    /dev/evfs/dsk/c2t0d1.

Recovering from problems with owner keys
If the keys for an owner of an EVS volume cannot be restored or are compromised, or if the owner
forgets the passphrase for the private key, you must use the recovery user's private key to assign
a new owner for the EVS volume. For more information, see the section “Changing owner keys
for an EVS volume” (page 68).
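
The following is an added example, not part of the HP guide: a dry-run helper for the recovery procedure above that checks the arguments to evfsvol assign and prints the command line for review instead of running it. The function names are hypothetical, and the rule that every EVS volume device file lives under /dev/evfs/ is an assumption inferred from the sample paths in this guide.

```shell
#!/bin/sh
# Added example, not from the guide: pre-flight checks for reassigning an
# EVS volume owner with a recovery key. Function names are hypothetical; the
# /dev/evfs/ prefix rule is an assumption based on the guide's sample paths.

# Accept only an absolute path under /dev/evfs/ that contains no "..".
valid_evfs_path() {
    case "$1" in
        *..*) return 1 ;;
        /dev/evfs/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if the file exists and grants no access to group or other.
key_file_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Usage: build_assign_cmd newowner evfs_volume_path [recoveryprivkeyfile] [keyname]
# Prints the evfsvol assign command line; it never executes evfsvol.
build_assign_cmd() {
    owner=${1:-} vol=${2:-} rkey=${3:-} kname=${4:-}
    case "$owner" in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "bad owner name" >&2; return 2 ;;
    esac
    case "$rkey$kname" in
        *' '*) echo "spaces not allowed in key file or key name" >&2; return 5 ;;
    esac
    valid_evfs_path "$vol" || { echo "not an EVFS device path: $vol" >&2; return 3; }
    cmd="evfsvol assign -u $owner"
    if [ -n "$rkey" ]; then
        # A recovery private key readable by group or other is treated as exposed.
        key_file_private "$rkey" || { echo "key file missing or not private: $rkey" >&2; return 4; }
        cmd="$cmd -r $rkey"
    fi
    if [ -n "$kname" ]; then cmd="$cmd -k $kname"; fi
    echo "$cmd $vol"
}
```
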
Removing keys from an EVS volume
Use the following evfsvol delete command to remove a key record pair from an EVS volume.
You must be the owner of the EVS volume to execute this command.
evfsvol delete [-u username|-r] [-k keyname] evfs_volume_path
where:
-u username
    Specifies the user name for the keys you want to delete from the volume.
    If you do not specify this argument or the -r option, evfsvol uses your
    user name.
-r
    Specifies that you want to delete recovery user keys.
-k keyname
    Specifies the name of the key pair you want to delete. If you do not
    specify this option, evfsvol uses the user name as the key name.
evfs_volume_path
    Specifies the absolute pathname for the EVS volume device file, such as
    /dev/evfs/vg01/lvol5, /dev/evfs/vx/dsk/rootdg/vol05,
    or /dev/evfs/dsk/c2t0d1.

Removing user keys or stored passphrase from the EVFS key database
Use the evfspkey delete command to remove a user key pair from the EVFS key database
or to remove the passphrase for a private key. You must have superuser privileges to delete a key
pair or passphrase that you do not own.
evfspkey delete [-u username|-r] [-p] [-k keyname]
where:
-u username
    Specifies the user name for the keys you want to delete from the database. If
    you do not specify this argument or the -r option, evfsvol uses your user
    name.
Managing EVFS keys and users 69