Encrypted Volume and File System v2.2 Release Notes (777845-001, April 2014)
1 EVFS
EVFS (Encrypted Volume and File System) is an application-transparent technology providing
protection of data at rest.
With EVFS, critical files and data at rest are stored on disk in encrypted form. EVFS
safeguards against compromised use of and unauthorized access to data due to physical theft of
storage devices. The data encryption is based on a secret-key cryptosystem and runs as an integrated
kernel service transparent to the user. On IA, EVFS is integrated with KCM (HP-UX Kernel Crypto
Module).
With HP-UX EVFS, disks and volumes can be configured to be used in one of two modes:
volume-level encryption (EVS) or file-level encryption (EFS).
NOTE:
• EVS is supported with HP-UX 11i v2 update 2 and later.
• EFS is supported with HP-UX 11i v3 and later.
• You can use a volume or a disk for either EFS or EVS, but not both.
Features
• Data protection that is file-system independent
When configured in volume mode (EVS), EVFS supports all disk file system types that can be
mounted on an LVM, VxVM, or physical volume, including High Performance File System (HFS)
and Veritas File System (VxFS, also referred to as Journaled File System, or JFS). EFS mode
only supports HFS and VxFS.
• Application transparency
EVFS volumes are implemented as pseudo-devices below the HP-UX file system. No changes
to applications are necessary. When configured in volume mode, EVFS is compatible with
network file sharing utilities, such as Network File System (NFS) and Common Internet File
System (CIFS), and with network file access utilities, such as File Transfer Protocol (FTP) and
remote copy (rcp).
• High-performance bulk data encryption using symmetric keys
EVFS encrypts volume data using a symmetric encryption key, referred to as the volume
encryption key. EVFS supports the following symmetric key algorithms for encrypting volume
data:
◦ 128-bit key Advanced Encryption Standard Cipher Block Chaining (AES CBC) mode
◦ 192-bit key AES CBC mode
◦ 256-bit key AES CBC mode
◦ 128-bit key Advanced Encryption Standard Cipher FeedBack (AES CFB) mode
◦ 192-bit key AES CFB mode
◦ 256-bit key AES CFB mode