Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

1. If you are moving the volume to another system, add an authorized user key pair for the
   administrator on the destination system. You will use this key pair on the destination system.
   a. Create a new key pair for the administrator on the destination system using the following
      criteria:
      • The user account for the key owner must exist on the destination system.
      • The key name must be unique for the owner on the destination system.
      • You must know the passphrase for the private key, so do not specify the -s option
        for the evfspkey command. When you use the -s option, EVFS generates and
        stores the passphrase for you, and you cannot retrieve the passphrase. Stored
        passphrase files are encrypted with system-specific information, so a stored passphrase
        created on one system is unusable on any other system.
      Use the following evfspkey keygen command syntax:
      evfspkey keygen [-c cipher] [-u user] [-k keyname]
      where:
      -c cipher    Specifies the type of public/private keys to create.
                   Valid values:
                     rsa-1024 (RSA 1024-bit keys)
                     rsa-1536 (RSA 1536-bit keys)
                     rsa-2048 (RSA 2048-bit keys)
                   Default for PA: rsa-1536
                   Default for IA: rsa-2048
      -u user      Specifies the user name of the key owner. This must be a valid user
                   name on the destination system. If you do not specify -u user,
                   evfspkey uses your user name as the key owner. You must have
                   superuser or the appropriate privileges to create a key pair for another
                   user.
      -k keyname   Specifies the key name. Specify a key name that does not already exist
                   for the key owner on the destination system. If you do not specify -k
                   keyname, evfspkey uses the user name as the key name.
                   Valid value: An ASCII string, 1 to 255 characters long.
      The evfspkey utility prompts you for a passphrase to protect the private key.
      IMPORTANT: Make a note of this passphrase, because you must specify it when you
      administer the EVS volume on the target system.
   b. Use the following command to add the key to the EVS volume:
      evfsvol add -u user [-k keyname] evfs_volume_path
      where:
      -k keyname         Specifies the name of the key to add. If you do not specify -k
                         keyname, evfsvol uses your user name as the key name.
      evfs_volume_path   Specifies the absolute pathname for the EVS volume device
                         file, such as /dev/evfs/vg01/lvol5,
                         /dev/evfs/vx/dsk/rootdg/vol05, or /dev/evfs/dsk/c2t0d1.
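The pre-flight check below is an added example, not part of this guide or of the EVFS tools. It tests an intended evfspkey keygen option list and an evfsvol add volume path against the rules in steps a and b without running either command. The function names are hypothetical, and requiring the /dev/evfs/ prefix is an assumption drawn from the sample paths above.

```shell
#!/bin/sh
# Added example: validates an intended "evfspkey keygen" option list and an
# "evfsvol add" volume path against the rules in this step. Runs nothing.

# -k keyname: an ASCII string, 1 to 255 characters long.
valid_keyname() {
    [ -n "$1" ] || return 1
    # Bytes that survive deleting 0x01-0x7F are non-ASCII.
    [ -z "$(printf '%s' "$1" | LC_ALL=C tr -d '\001-\177')" ] || return 1
    [ "${#1}" -le 255 ]
}

# evfs_volume_path: absolute pathname. Requiring the /dev/evfs/ prefix is an
# assumption taken from the three sample paths in the guide.
valid_volume_path() {
    case "$1" in
        /dev/evfs/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 if the options suit a key that will be used on another system,
# 1 if they break a rule, 2 if an option is unknown or lacks its argument.
check_keygen_args() {
    OPTIND=1
    while getopts ":c:u:k:s" ck_opt; do
        case "$ck_opt" in
            c) case "$OPTARG" in
                   rsa-1024|rsa-1536|rsa-2048) ;;
                   *) echo "invalid cipher: $OPTARG" >&2; return 1 ;;
               esac ;;
            u) [ -n "$OPTARG" ] || { echo "empty user name" >&2; return 1; } ;;
            k) valid_keyname "$OPTARG" || { echo "invalid key name" >&2; return 1; } ;;
            s) echo "-s stores a system-bound passphrase; unusable after the move" >&2
               return 1 ;;
            *) echo "unrecognised or incomplete option: -$OPTARG" >&2; return 2 ;;
        esac
    done
    return 0
}
```
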