Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Encrypted Volume and Filesystem (EVFS)

-k keyname

Specifies the key pair name for the new owner. If you do not

specify this option or the -r option, evfsvol uses the owner's

user name as the key pair name.

evfs_volume_path

Specifies the absolute pathname for the EVFS volume device

file, such as /dev/evfs/vg01/lvol5,

/dev/evfs/vx/dsk/rootdg/vol05, or

/dev/evfs/dsk/c2t0d1.

Recovering from Problems with Owner Keys

If the keys for an owner of an EVFS volume cannot be restored or are compromised, or if the

owner forgets the passphrase for the private key, you must use the recovery user's private key

to assign a new owner for the EVFS volume. For more information, see the section “Changing

Owner Keys for an EVFS Volume” (page 86).

Removing Keys from an EVFS Volume

Use the following evfsvol delete command to remove a key record pair from an EVFS

volume. You must be the owner of the EVFS volume to execute this command.

evfsvol delete [-u username|-r] [-k keyname] evfs_volume_path

where:

-u username

Specifies the user name for the keys you want to delete from the

volume. If you do not specify this argument or the -r option, evfsvol

uses your user name.

-r

Specifies that you want to delete recovery user keys.

-k keyname

Specifies the name of the key pair you want to delete. If you do not

specify this option, evfsvol uses the user name as the key name.

evfs_volume_path

Specifies the absolute pathname for the EVFS volume device file, such

as /dev/evfs/vg01/lvol5, /dev/evfs/vx/dsk/rootdg/vol05,

or /dev/evfs/dsk/c2t0d1.

Removing User Keys or Stored Passphrase from the EVFS Key Database

Use the evfspkey delete command to remove a user key pair from the EVFS key database

or to remove the passphrase for a private key. You must have superuser privileges to delete a

key pair or passphrase that you do not own.

evfspkey delete [-u username|-r] [-p] [-k keyname]

where:

-u username

Specifies the user name for the keys you want to delete from the database. If

you do not specify this argument or the -r option, evfsvol uses your user

name.

-r

Specifies that you want to delete recovery user keys.

-p

Specifies that you only want to delete the stored passphrase for the private

key.

-k keyname

Specifies the name of the key pair you want to delete. If you do not specify

this option, evfsvol uses the user name as the key name.

Changing the Passphrase for a Key

Use the evfspkey passgen command to change the passphrase for an existing private key.

You must have superuser privileges to change the passphrase for a key that you do not own. If

a stored passphrase does not exist for the current passphrase, evfspkey prompts you for the

current passphrase.

Managing EVFS Keys and Users 87