HP-UX 11i Encrypted Volume and File System (EVFS) Best Practice (2009)

Deprecation of Owner keys
Owner keys need to be deprecated when they are compromised or become irretrievable (e.g. key
corruption, forgotten passphrase). In this situation several keys can share the same key-id
while having different fingerprints, so administrators and users must check the fingerprint
to ensure the correct key pair is used when accessing encrypted content.
EVS mode
Replacing the owner key of an encrypted volume requires either the recovery key or the current
owner key. Deprecated keys should be archived so that data in earlier backups can still be
retrieved.
EFS mode
Replacing the owner key of encrypted files is more involved, because EVFS 2.0 does not
support multiple keys per user in a secure session. All files encrypted under the previous
key should therefore be re-encrypted with the new owner key. This is only possible if the files
can still be accessed with one of:
the previous owner key,
the group key, or
the recovery agent key.
Note that replacing the owner key or group key of an encrypted file requires the recovery key.
Copying and moving encrypted files (EFS mode only)
EVFS delivers wrapper commands (cp and mv) to prevent unintended decryption of encrypted
files, but inadvertent decryption can still occur in other situations. Administrators should
monitor for unintended copying or moving of encrypted files, whether by users, applications
or scripts, and audit encrypted files periodically to ensure data are not accidentally exposed.
Encrypted sparse files (EFS mode only)
Sparse files are used by most UNIX file systems to save disk space when a file is largely
empty. On HP-UX, most commands that copy files (e.g. cp, tar) do not preserve sparseness.
Because of this, care must be taken when accessing an encrypted sparse file in raw mode. If
the "holes" in a sparse file are converted to explicit zeros during raw access, those zeros are
treated as ciphertext, so the holes will contain garbage when read again through EVFS. This
is problematic because most UNIX applications expect holes to read back as zeros.
In HP-UX 11i EVFS 2.0, the evfsfile encrypt command expands a sparse file after
encryption, and evfsfile rekey likewise expands an encrypted sparse file after the
rekeying operation.
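The following shell script is an added example and is not part of the HP-UX EVFS best-practice document nor an EVFS tool. It shows the checks an administrator would want around the sparse-file problem above: finding files that still contain holes before they are backed up or accessed raw, and verifying after a restore that a region that used to be a hole still reads back as zeros. It assumes only POSIX du(1) with -k, dd(1), tr(1), wc(1) and find(1); the sample sparse file it creates is constructed input, and expand_copy deliberately mimics a copy command that does not preserve holes.

```shell
#!/bin/sh
# Added example (not from the EVFS document, not an EVFS command).
# Portable sparse-file checks to run before and after raw access.
# Assumes POSIX du -k (1 KiB units), dd, tr, wc and find.

# is_sparse FILE: succeed when the allocated space is below the logical
# size, i.e. the file contains holes that a non-sparse copy would expand.
is_sparse() {
    alloc_kb=$(du -k "$1" | cut -f1)
    size=$(wc -c < "$1" | tr -d ' ')
    [ $(( alloc_kb * 1024 )) -lt "$size" ]
}

# make_sparse FILE MIB: constructed sample input, a hole of MIB mebibytes
# followed by a single 1 KiB block; seek leaves the hole unallocated.
make_sparse() {
    dd if=/dev/zero of="$1" bs=1024 count=1 seek=$(( $2 * 1024 )) 2>/dev/null
}

# expand_copy SRC DST: copy the way a hole-unaware cp/tar behaves, writing
# every block so the holes become real zero-filled blocks on disk.
expand_copy() {
    dd if="$1" of="$2" bs=1024 2>/dev/null
}

# list_sparse DIR: print every regular file under DIR that still has holes,
# to inventory them before raw access, backup or evfsfile encrypt/rekey.
list_sparse() {
    find "$1" -type f | while IFS= read -r f; do
        if is_sparse "$f"; then printf '%s\n' "$f"; fi
    done
}

# hole_is_zero FILE OFFSET LEN: succeed when the LEN bytes at OFFSET read
# back as NUL, which is what applications expect of a hole. A former hole
# that reads non-zero after a raw restore is the garbage case described
# in the text above.
hole_is_zero() {
    nonzero=$(dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null \
              | tr -d '\000' | wc -c | tr -d ' ')
    [ "$nonzero" -eq 0 ]
}

# Usage: list_sparse /path/to/evfs/tree
#        hole_is_zero restored.img 0 4096 || echo "hole no longer zero"
```

Run list_sparse over a tree before raw access or backup, and hole_is_zero on known hole regions of a restored file; a non-zero result is the signal that the holes were materialised and re-read through the wrong layer.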