Administrator's Guide

Managing EVFS Keys and Users
This section describes the following procedures for managing EVFS keys and users:
“Displaying Key IDs for an EVFS Volume” (page 84)
“Restoring User Keys” (page 84)
“Changing Owner Keys for an EVFS Volume” (page 86)
“Recovering from Problems with Owner Keys” (page 87)
“Removing Keys from an EVFS Volume” (page 87)
“Removing User Keys or Stored Passphrase from the EVFS Key Database” (page 87)
“Changing the Passphrase for a Key” (page 87)
“Creating or Changing a Stored Passphrase for an Existing Key” (page 88)
Displaying Key IDs for an EVFS Volume
Use the following evfsvol display command to display EMD information for EVFS volumes,
including the owner key ID, recovery key IDs, and authorized user key IDs. The evfsvol
display command also displays operating parameters for the EVFS volume, including the
volume encryption algorithm and the underlying LVM, VxVM, or physical volume device file
name.
Syntax
evfsvol display [-a|evfs_volume_path]
where:
-a
    Displays the EMD information for all configured EVFS volumes.
evfs_volume_path
    Specifies the absolute pathname for the EVFS volume device file, such as
    /dev/evfs/vg01/lvol5, /dev/evfs/vx/dsk/rootdg/vol05, or
    /dev/evfs/dsk/c2t0d1. The evfsvol utility displays the EMD information
    for the volume.
Example
The output of the evfsvol display evfs_volume_path command is similar to the following:
# evfsvol display /dev/evfs/vg01/lvol5
EVFS Volume Name: /dev/evfs/vg01/lvol5
Mapped Volume Name: /dev/vg01/lvol5
EVFS Volume State: enabled
EMD Size (Kbytes): 520
Max User Envelopes: 1024
Data Encryption Cipher: aes-128-cbc
Digest: sha1
Owner Key ID: root.rootkey1
Recovery Agent Key IDs: evfs.evfs
Total Recovery Agent Keys: 1
User Key IDs: root.admink
Total User Keys: 1
The Owner Key ID, Recovery Agent Key IDs, and User Key IDs fields show the key
IDs configured for the volume.
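The following added example (not part of the original guide) shows one way to audit these key ID fields from a script, flagging volumes with no recovery agent key and key IDs that are not on a locally approved list. The function names audit_evfs_keys and sample_output, the second sample record, and the assumption that multiple key IDs in one field are separated by spaces or commas are all hypothetical.

```shell
#!/bin/sh
# Added example, not from the guide: audit key IDs in evfsvol display output.
# Assumption: several key IDs in one field are separated by spaces or commas.

# Constructed sample. Record 1 follows the example above; record 2 is made up
# (no recovery agent key, plus a user key that is not on the approved list).
sample_output() {
cat <<'EOF'
EVFS Volume Name: /dev/evfs/vg01/lvol5
Mapped Volume Name: /dev/vg01/lvol5
Data Encryption Cipher: aes-128-cbc
Owner Key ID: root.rootkey1
Recovery Agent Key IDs: evfs.evfs
Total Recovery Agent Keys: 1
User Key IDs: root.admink
Total User Keys: 1
EVFS Volume Name: /dev/evfs/vg01/lvol6
Owner Key ID: root.rootkey1
Recovery Agent Key IDs:
Total Recovery Agent Keys: 0
User Key IDs: root.admink guest.tmpkey
EOF
}

# Usage: evfsvol display -a | audit_evfs_keys "approved key IDs"
# Prints one "volume: finding" line per problem, nothing when clean.
audit_evfs_keys() {
  awk -v approved="$1" '
    BEGIN { n = split(approved, a, /[ ,]+/); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
      p = index($0, ":"); if (p == 0) next       # not a "Field: value" line
      field = substr($0, 1, p - 1); value = substr($0, p + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", value)
    }
    field == "EVFS Volume Name" { vol = value; next }
    field == "Total Recovery Agent Keys" && value + 0 == 0 {
      print vol ": no recovery agent key"
    }
    field ~ /^(Owner Key ID|Recovery Agent Key IDs|User Key IDs)$/ {
      m = split(value, ids, /[ ,]+/)
      for (i = 1; i <= m; i++)
        if (ids[i] != "" && !(ids[i] in ok))
          print vol ": unapproved key " ids[i] " in " field
    }
  '
}

# Stand-alone run against the constructed sample.
sample_output | audit_evfs_keys "root.rootkey1 evfs.evfs root.admink"
```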
Restoring User Keys
Use the following procedure to restore user key files from backup media: