Administrator's Guide
-r Specifies that the key pair is a recovery key pair.
-k keyname Specifies the name of the key pair to add. If you do not specify -k
keyname, evfsvol uses the EVFS pseudo-user (evfs) as the key
owner and key name. You can configure up to two recovery keys
per EVFS volume. For information about user keys, see “Step 5:
Creating User Key Pairs” (page 44).
evfs_volume_path Specifies the absolute pathname for the EVFS volume device file,
such as /dev/evfs/vg01/lvol5,
/dev/evfs/vx/dsk/rootdg/vol05, or
/dev/evfs/rdsk/c2t0d1.
You must be the owner of the EVFS volume to add a recovery key. If you do not have a
stored passphrase for the owner key, evfsvol prompts you for the passphrase.
Example
The following command adds the default recovery key to the /dev/evfs/vg01/lvol5
volume. The default recovery key owner and key name are both evfs.
# evfsvol add -r /dev/evfs/vg01/lvol5
Enter owner passphrase:
(Enter the passphrase for the recovery key evfs.)
Key "evfs.evfs" has been successfully added to encrypted volume
"/dev/evfs/vg01/lvol5".
ii. Use the following command to add authorized user key pairs for the EVFS volume.
Authorized users can perform all the operations on the EVFS volume that the owner can,
except changing the EVFS volume owner, adding keys to the volume, and destroying the
EMD.
evfsvol add -u user [-k keyname] evfs_volume_path
where:
-k keyname Specifies the name of the key to add. If you do not specify -k
keyname, evfsvol uses your user name as the key name.
evfs_volume_path Specifies the absolute pathname for the EVFS volume device file,
such as /dev/evfs/vg01/lvol5,
/dev/evfs/vx/dsk/rootdg/vol05, or
/dev/evfs/rdsk/c2t0d1.
You must be the owner of the EVFS volume to add an authorized user key. If you do not
have a stored passphrase for the owner's private key, evfsvol prompts you for the
passphrase.
Example
In the following example, the EVFS volume owner adds an authorized user key pair to the
EMD:
# evfsvol add -u init -k initkey /dev/evfs/vg01/lvol5
Enter owner passphrase:
(Enter the passphrase for the owner's key.)
Key ID "init.initkey" has been successfully added to encrypted volume
"/dev/evfs/vg01/lvol5"
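Because authorized users can do almost everything the owner can, it helps to keep a record of which key IDs have been added to each volume. The following script is an added example, not part of the original guide: it reads a saved evfsvol session and lists every confirmed key addition. It assumes key IDs have the form owner.keyname, as in the two examples above; the transcript is constructed from those examples, and the function names are hypothetical.

```shell
# Constructed sample: the two confirmation messages shown in this section,
# as they would appear in a saved terminal session.
sample_transcript() {
cat <<'EOF'
# evfsvol add -r /dev/evfs/vg01/lvol5
Enter owner passphrase:
Key "evfs.evfs" has been successfully added to encrypted volume
"/dev/evfs/vg01/lvol5".
# evfsvol add -u init -k initkey /dev/evfs/vg01/lvol5
Enter owner passphrase:
Key ID "init.initkey" has been successfully added to encrypted volume
"/dev/evfs/vg01/lvol5"
EOF
}

# Reads a session on stdin and prints "volume owner keyname" for each
# confirmed key addition. Accepts both message forms (Key "..." and
# Key ID "...") and a volume path that wraps onto the next line.
list_added_keys() {
    awk '
    function emit(id, vol,   dot) {
        dot = index(id, ".")            # assumption: key ID is owner.keyname
        print vol, substr(id, 1, dot - 1), substr(id, dot + 1)
    }
    /^Key (ID )?"[^"]+" has been successfully added to encrypted volume/ {
        n = split($0, q, "\"")          # q[2] is the key ID, q[4] the volume
        keyid = q[2]
        if (n >= 5) { emit(keyid, q[4]); pending = 0 }
        else        { pending = 1 }     # volume path is on the next line
        next
    }
    pending {
        pending = 0
        if (split($0, q, "\"") >= 3) emit(keyid, q[2])
    }'
}

# Stand-alone run over the constructed sample.
sample_transcript | list_added_keys
```
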
Step 1e: Enabling the EVFS Volume
Use the evfsvol enable command to enable encryption and decryption access for the EVFS
volume:
evfsvol enable [-p]|[-k keyname] evfs_volume_path
where: