Manualshelf

Encrypted Volume and File System v2.2 Release Notes (777845-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
12345678910
EVFS encrypts file data using a unique symmetric encryption key, referred to as the file
encryption key. EVFS supports the following symmetric key algorithms for encrypting file data:
128–bit key Advanced Encryption Standard Cipher FeedBack (AES CFB) mode
192-bit key AES CFB mode
256-bit key AES CFB mode
The following algorithms are supported only on IA:
128-bit key AES CBC (Advanced Encryption Standard Cipher Block Chaining) mode
192-bit key AES CBC mode
256-bit key AES CBC mode
Public/private keys protecting symmetric keys
EVFS uses public/private encryption key to protect volume and file encryption keys. EVFS
supports the following public/private key encryption algorithms:
1024-bit key Rivest-Shamir-Adelman (RSA)
1536-bit key RSA
2048-bit key RSA
Passphrase storage and retrieval for automatic start (autostart)
EVFS encrypts private keys with passphrases. In normal operation, EVFS prompts the user for
the passphrase to decrypt and retrieve the private key. To enable EVFS operation during
system startup without human intervention, EVFS provides a mechanism to store a user's
passphrase in a file, encrypted with system-specific data. At system startup, EVFS can
automatically retrieve stored passphrases and use the passphrases to execute EVFS commands.
CAUTION: Stored passphrases provide convenience, but they are security risks.
EFS Secure Session
In order to use EFS, a user needs to be in an EFS secure session (see evfsauth(1)) This session
contains all the necessary credential for a user to access and operate on encrypted files.
Secure session credentials are inherited by its child processes.
Key Management
EVFS provides its own local key management system. It supports encryption keys for both EVS
and EFS. The concept of key manager is introduced in EVFS 2.0.
New and changed features in this release
On IA, HP-UX EVFS v2.2 is FIPS-compliant when used with HPUX-KCM 2.1.
For more information about FIPS compliant, see Configuring FIPS compliant EVFS section in
Encrypted Volume and File System v2.2 Administrator Guide.
Acquiring and installing EVFS
You can acquire and install EVFS free of charge from Software Depot:
http://www.software.hp.com
Enter EVFS into the search box at the top of the page.
New and changed features in this release 7