Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

2. Copy the owner's public and private keys files to removable media. You must restore these
files on the destination system.
By default, EVFS stores the user key database in subdirectories below
/etc/evfs/pkey/users, with a subdirectory for each user. The administrator can configure
alternate database directories using the pub_key, priv_key, and pass_key attributes in
the /etc/evfs/evfs.conf file. Using the default key storage directory, the key file names
are:
Public Key /etc/evfs/pkey/users/user_name/key_name.pub, where
user_name is the key owner's name and key_name is the key name.
Private Key /etc/evfs/pkey/users/user_name/key_name.priv, where
user_name is the key owner's name and key_name is the key name.
3. For data consistency, stop all applications accessing the data. You can use the fuser -cu
command to determine the processes accessing files, and the fuser -cku command to
terminate the processes. For more information, see fuser(1M).
If the data is used by system processes, you might need to terminate the processes by changing
the system runlevel to single-user level with the shutdown utility. For more information, see
shutdown(1M).
4. Create a cleartext backup copy of the data or copy the cleartext data from the EVS volume
to another disk device using a utility such as fbackup, cp or tar.
5. If you have a file system mounted on the EVS volume, use the umount command to unmount
the file system. For more information, see umount(1M).
6. Use the following command to disable encryption and decryption access to the volume:
evfsvol disable [-k keyname] evfs_volume_path
For more information, see “Disabling encryption and decryption access to EVS volumes
(page 64).
7. Use the following evfsvol export command to remove the EVS volume device files and
delete the device entries in kernel registry:
evfsvol export evfs_volume_path
where:
evfs_volume_path Specifies the absolute pathname for the EVS volume device file,
such as /dev/evfs/vg01/lvol5,
/dev/evfs/vx/dsk/rootdg/vol05, or /dev/evfs/dsk/
c2t0d1.
Importing an EVS volume
Use the following procedure to import an EVS volume. If you are using LVM, use this procedure
after importing the volume group using vgimport, and repeat the procedure for each volume in
the group.
1. Copy the key files saved from the source system to the target system. Use the procedure
described in “Restoring user keys” (page 67) to install the key files from the source system on
the target system.
2. Use the following evfsvol import command to create the EVS volume device files and
add the entries in kernel registry:
evfsvol import volume_path
where:
volume_path Specifies the path for the underlying LVM, VxVM, or physical volume device
file, such as /dev/vx/dsk/rootdg/vol01, /dev/vg01/lvol5, or
/dev/dsk/c0d0t2.
Exporting and importing EVS volumes 75