Manualshelf

Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
919293949596979899100
The evfsvol utility prompts you for the passphrase if a stored passphrase does not exist.
5. Open raw access to the backup EVS volume using the evfsvol raw command.
CAUTION: After you open the volume for raw access, any entity reading data from the EVS
volume receives encrypted data. Any entity writing data to the EVS volume writes directly to
the underlying disk; EVFS does not encrypt the text. HP recommends that you use the evfsvol
raw command only when creating encrypted backup media or restoring encrypted backup
media.
The syntax for the evfsvol raw command is as follows:
evfsvol raw evfs_volume_path
where evfs_volume_path is the absolute pathname for the EVS volume device file.
For example:
# evfsvol raw /dev/evfs/vg01/lvol5
6. Use a file-based utility or a block device utility, such as dd, to copy data from the backup EVS
volume to the target device. For example:
# dd bs=64k if=/dev/evfs/vg01/lvol5 of=/dev/rmt/0m
7. Close raw access to the backup EVS volume using the evfsvol close command to begin
the procedure to return the volume to its original state. For example:
# evfsvol close /dev/evfs/vg01/lvol5
8. Enable the EVS volume using the evfsvol enable command and remount the file system
on the EVS volume.
Example
In the following example, /dev/evfs/vg01/lvol5 is the source volume, and /dev/rmt/0m
is the target tape device. The dd command receives encrypted text from the source EVS volume
because it is open for raw access.
# fuser -cku /opt/encrypted_data
# umount /dev/evfs/vg01/lvol5
# evfsvol disable -k my_key /dev/evfs/vg01/lvol5
# evfsvol raw /dev/evfs/vg01/lvol5 (EVFS prompts if you want to continue)
# dd bs=64k if=/dev/evfs/vg01/lvol5 of=/dev/rmt/0m
# evfsvol close /dev/evfs/vg01/lvol5
# evfsvol enable -k my_key /dev/evfs/vg01/lvol5
# mount -F vxfs /dev/evfs/vg01/lvol5 /opt/encrypted_data
Creating encrypted backup media on a second EVS volume using a block device utility (nonmirrored
volumes)
Use the following procedure to perform an offline backup and create encrypted media on a second
EVS volume. You must have the appropriate file permissions to access the EVS volume device file.
CAUTION: EVFS must be enabled on both the source volume and target volume. The backup
utility will receive cleartext data from the source EVS volume, and EVS will encrypt the data when
writing it to the target EVS volume.
Do not back up data from a volume with EVFS disabled to a volume with EVFS enabled. If you
do, the data will be encrypted twice.
Backing up EVS volumes 95