Administrator's Guide
Figure 1-3 Enabling an EVFS Volume
1. evfsvol enable my_evol
   Enter passphrase: my_passphrase
2. my_passphrase decrypts user 1's private key.
3. User 1's private key decrypts the key record to extract the volume encryption key.
4. EVFS uses the volume encryption key to encrypt and decrypt the volume data as needed.
Key Names and Key IDs
Each public/private key pair has an owner and a key name. A user can have multiple
public/private key pairs. The default key name (the name EVFS uses if you do not specify a key
name) is the owner's user account name.
Public/private key pairs are also identified by a key ID formed by concatenating the owner's
user account name and the key name, separated by a period (.). For example, the user bob owns
the key pair named bobkey1. The key ID for this key pair is bob.bobkey1.
User Key and Passphrase Storage
By default, EVFS stores keys in a local database under the directory /etc/evfs/pkey. EVFS
creates a subdirectory for each user who owns EVFS user keys. The subdirectory name is the
user account name.
File Names
When using the default key storage directory, EVFS uses the following directory and file names
to store user keys:
Public Key
/etc/evfs/pkey/user_name/key_name.pub, where user_name is the key owner's name and key_name is the key name.
Private Key
/etc/evfs/pkey/user_name/key_name.priv, where user_name is the key owner's name and key_name is the key name.
Stored Passphrase
/etc/evfs/pkey/user_name/key_name.pass.nnn, where user_name is the key owner's name, key_name is the key name, and nnn is a number based on system-specific data.
Alternate Storage Databases and Distributed Key Storage
You can configure EVFS to use different file directories for the user key database that contains
the public keys, private keys, and stored passphrases. The directories can be local directories or
remote directories that are NFS-mounted. You can also configure EVFS to use different database
directories according to the data type (key type or stored passphrase), and to use fallback
directories if attempts to store key data fail.
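The key-ID and file-name conventions above, and the alternate database directories, can be checked from a script. The following is an added example, not part of this guide or of the EVFS product: it builds the key ID and the expected file paths for a key pair, and walks a key database directory (the default one or any alternate or fallback directory) reporting private-key and stored-passphrase files whose group or other permission bits allow reading or writing. The expectation that those files should not be group/other accessible is this example's assumption, not something the guide states; the value nnn is not derivable, so the example takes it as a parameter, and the sample directory layout it builds is constructed for demonstration only.

```python
import os
import stat
import tempfile

# Default EVFS user key database directory, as given in the guide.
DEFAULT_KEY_DB = "/etc/evfs/pkey"

# Assumption (not stated in the guide): private keys and stored passphrases are
# secret material, so no group/other read or write bits should be set on them.
GROUP_OTHER_RW = stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH | stat.S_IWOTH


def key_id(owner, key_name):
    """EVFS key ID: the owner's account name and the key name joined by a period."""
    return f"{owner}.{key_name}"


def key_file_paths(owner, key_name, key_db=DEFAULT_KEY_DB, pass_suffix="nnn"):
    """Public-key, private-key and stored-passphrase paths for one key pair.

    pass_suffix stands in for the system-specific number the guide writes as nnn;
    it is not derivable here, so the caller supplies it or keeps the placeholder.
    """
    user_dir = os.path.join(key_db, owner)
    return {
        "public": os.path.join(user_dir, f"{key_name}.pub"),
        "private": os.path.join(user_dir, f"{key_name}.priv"),
        "passphrase": os.path.join(user_dir, f"{key_name}.pass.{pass_suffix}"),
    }


def is_secret_file(name):
    """True for private-key (.priv) and stored-passphrase (.pass.nnn) file names."""
    return name.endswith(".priv") or ".pass." in name


def mode_is_exposed(mode):
    """True if the permission bits allow group or other to read or write the file."""
    return bool(stat.S_IMODE(mode) & GROUP_OTHER_RW)


def find_exposed_secret_files(key_db=DEFAULT_KEY_DB):
    """Walk a key database (default, alternate or fallback directory) and return
    (relative path, octal mode) for every secret file readable or writable by group/other."""
    exposed = []
    for dirpath, _dirs, files in os.walk(key_db):
        for name in files:
            if not is_secret_file(name):
                continue
            path = os.path.join(dirpath, name)
            mode = os.stat(path).st_mode
            if mode_is_exposed(mode):
                exposed.append((os.path.relpath(path, key_db), oct(stat.S_IMODE(mode))))
    return sorted(exposed)


def make_sample_key_db():
    """Constructed sample layout (not real EVFS data): two users, one exposed private key.
    Returns the temporary directory path."""
    db = tempfile.mkdtemp(prefix="evfs_pkey_")
    layout = {
        ("bob", "bobkey1.pub"): 0o644,
        ("bob", "bobkey1.priv"): 0o600,
        ("bob", "bobkey1.pass.123"): 0o600,   # 123 is a constructed stand-in for nnn
        ("alice", "alicekey1.pub"): 0o644,
        ("alice", "alicekey1.priv"): 0o644,   # deliberately too open
    }
    for (user, name), mode in layout.items():
        os.makedirs(os.path.join(db, user), exist_ok=True)
        path = os.path.join(db, user, name)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)
    return db


if __name__ == "__main__":
    print(key_id("bob", "bobkey1"))
    print(key_file_paths("bob", "bobkey1"))
    for rel, mode in find_exposed_secret_files(make_sample_key_db()):
        print(f"exposed: {rel} ({mode})")
```

Run with the default arguments the scan covers /etc/evfs/pkey; pass an alternate or fallback database directory to cover the layouts described under Alternate Storage Databases. Remote NFS-mounted directories are scanned the same way, since only the path differs.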
EVFS Architecture 23