Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
-r Specifies that you want to delete recovery user keys.
-p Specifies that you only want to delete the stored passphrase for the private key.
-k keyname Specifies the name of the key pair you want to delete. If you do not specify this
option, evfsvol uses the user name as the key name.
Changing the passphrase for a key
Use the evfspkey passgen command to change the passphrase for an existing private key.
You must have superuser privileges to change the passphrase for a key that you do not own. If a
stored passphrase does not exist for the current passphrase, evfspkey prompts you for the current
passphrase.
The syntax for changing the passphrase for a volume owner or authorized user key is as follows:
evfspkey passgen [-u username] [-k keyname]
The syntax for changing the passphrase for a recovery key is as follows:
evfspkey passgen -r recovkey_file
where:
-u username Specifies the name of the user for the passphrase you want to delete. If
you do not specify this argument, evfsvol uses your user name.
-k keyname Specifies the name of the key pair that corresponds to the passphrase
you want to change. If you do not specify this option, evfsvol uses
the user name as the key name.
-r recovkey_file Specifies the name of the file that contains the recovery user's private
key, for example, /tmp/recovery.priv. HP recommends that you
store the recovery user's private key off line and restore only when
needed.
Creating or changing a stored passphrase for an existing key
Use the evfspkey passgen command to create or change a stored passphrase for an existing
private key. You must have superuser privileges to create a stored passphrase for a key that you
do not own. If the current passphrase has not been previously stored, the evfspkey command
prompts you for the current passphrase.
EVFS encrypts stored passphrases with system-specific information. A stored passphrase is usable
only on the system on which it was created.
CAUTION: A stored passphrase enables you to use the EVFS autostart feature, but it is a security
risk.
evfspkey passgen -f|-p|-s [-u username] [-k keyname]
where:
-f Causes evfspkey to create a stored passphrase. The evfspkey utility prompts
you for the current passphrase and stores the passphrase in an encrypted file.
-p Causes evfspkey to change the current passphrase and create a stored
passphrase. If the current passphrase is not stored, evfspkey prompts you for
the current passphrase. The evfspkey utility prompts you for a new passphrase,
then stores the new passphrase in an encrypted file. The passphrase must be
at least eight characters.
-s Causes evfspkey to generate a new passphrase and store it. If the current
passphrase is not stored, evfspkey prompts you for the current passphrase.
The evfspkey utility generates a passphrase for you and stores the passphrase
in an encrypted file.