evfs.conf.4 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

evfs.conf(4) evfs.conf(4)

(EVFS Software Required)

NAME

evfs.conf - conﬁguration ﬁle for the EVFS module

SYNOPSIS

/etc/evfs/evfs.conf

DESCRIPTION

The evfs.conf ﬁle is the EVFS conﬁguration ﬁle that enables the user to set global parameters for the

EVFS subsystem. The EVFS subsystem reads the evfs.conf

ﬁle when it starts, and the EVFS utilities

(

evfsadm, evfspkey, evfsvol, evfsauth

, and evfsfile) read it each time they start.

Each entry in this ﬁle is of the form:

attribute_name

=attribute_value

Each entry must be on one input line, with no line breaks or line continuation characters.

Supported Attributes

The attributes supported are:

data_cipher Speciﬁes the cipher suite used for volume-level mode data

encryption/decryption.

Valid values:

aes-128-cfb, aes-192-cfb

, aes-256-cfb,

aes-128-cbc, aes-192-cbc,oraes-256-cbc

emd_backup Speciﬁes the parent directory for backup EMDs.

emd_digest Speciﬁes the message digest algorithm used in the EMD. Only sha1 is sup-

ported.

emd_envelopes Speciﬁes the maximum number of envelopes to allow when creating a new

EMD.

Valid values: 1 - 1024.

efs_recovery_keyname

Speciﬁes the recovery key name for ﬁle data encryption. If this is conﬁgured

and the recovery key is created, all encrypted ﬁles created will use this key as

the recovery key. If this is not speciﬁed, encrypted ﬁles will not be recoverable.

evfs_user Speciﬁes the name of the EVFS pseudo-user.

evfsconf_vers Speciﬁes the conﬁguration ﬁle format version. Do not modify the value for this

attribute.

file_cipher Speciﬁes the cipher suite used for ﬁle-level mode data encryption/decryption.

Valid values:

aes-128-cfb, aes-192-cfb

,oraes-256-cfb.

kernel_encryption_mode

Speciﬁes the kernel encryption mode. This attribute is ignored on single-

processor systems.

Valid values:

distributed or local.

Default:

distributed.

In distributed mode, the administrator can specify the number of kernel

encryption threads to create when EVFS starts using the

-n option with the

evfsadm start command. EVFS forwards encryption and decryption

requests to the common thread pool regardless of the CPU on which the I/O

originates.

In local mode, each CPU has its own local thread, and encryption requests are

processed on the CPU on which the I/O originates. Local mode may provide

better performance on systems with Cache Coherent Non-Uniform Memory

(ccNUMA) Architecture or in installations where data-intensive applications

bind to a single CPU.

key_manager Speciﬁes the user account of the key manager. This must be conﬁgured to

enable key manager’s functions, which include managing group keys and

resetting the key passphrase of other users. Once the key manager’s key is

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (4 pages)

PAGE 1
evfs.conf(4) evfs.conf(4) (EVFS Software Required) NAME evfs.conf - configuration file for the EVFS module SYNOPSIS /etc/evfs/evfs.conf DESCRIPTION The evfs.conf file is the EVFS configuration file that enables the user to set global parameters for the EVFS subsystem. The EVFS subsystem reads the evfs.conf file when it starts, and the EVFS utilities (evfsadm, evfspkey, evfsvol, evfsauth, and evfsfile) read it each time they start.
PAGE 2
evfs.conf(4) evfs.conf(4) (EVFS Software Required) created, you cannot change the key manager to a different user, or the key manager’s functions will be disabled. keygen Specifies the public/private key algorithm string to use to generate public keys (see evfs_cryptx.conf(4) for supported algorithm strings).
PAGE 3
evfs.conf(4) evfs.conf(4) (EVFS Software Required) library Fully-qualified path name of the encryption and storage library. Default values for pub_key, priv_key, and pass_key: /usr/lib/evfs/hpux64/libevfs_pkey.so (Itanium systems) or /usr/lib/evfs/pa20_64/libevfs_pkey.sl (PA-RISC systems). Default values for pbe and passx: /usr/lib/evfs/hpux64/libevfs_pbe.so (Itanium systems) or /usr/lib/evfs/pa20_64/libevfs_pbe.sl (PA-RISC systems). [ Literal left square bracket.
PAGE 4
evfs.conf(4) evfs.conf(4) (EVFS Software Required) evfs_user = evfsuser emd_envelopes = 1024 emd_digest = sha1 data_cipher = aes-128-cbc #aes-192-cbc or aes-256-cbc trace_file = /var/opt/evfs/evfstrace.