evfsfile.1 (2010 09)

evfsfile(1) evfsfile(1)
(EVFS Software Required)
successful.
Only the owner of the file, while in a secure session, can perform this operation. Users
must log in to a secure session using the evfsauth login command. See evfsauth(1).
set Enable or disable encryption for a given directory or a file system. To enable or disable
encryption at the file system level, specify the mount point directory where the file
system is mounted. This command can also be used to change the encryption
parameters (e.g. cipher) on a directory.
Once the directory is enabled for encryption, all the new files created in this directory are
encrypted and all the new sub-directories created in that directory inherit the encryption
parameters.
When a file system mount point is enabled for encryption, all the new files and directories
created in this file system use the encryption parameters from the mount point, unless
the directory is explicitly configured with different encryption parameters.
If the directory is disabled for encryption, all the new files created in that directory are
not encrypted. In addition, the new sub-directories created in that directory will not
inherit the encryption parameters from the parent directory, but the sub-directories may
inherit the encryption parameters from the mount point if the file system is configured
for encryption.
NOTE: In all the above cases, if the directory or mount point is enabled or disabled for
encryption, the encryption parameters for all the existing files, directories, and
sub-directories remain unchanged.
Only the superuser or the owner of the directory is allowed to enable/disable a directory
or a mount point for encryption.
sync Synchronize the file owner/group UNIX DAC permissions with encryption access
permissions of an encrypted file. When a directory is specified, it causes sync to
synchronize all the encrypted files in the subtree rooted at the directory specified.
Only the superuser can perform this operation.
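
The inheritance rules given for the set subcommand above, written out as a small Python model. This is an added example, not HP code and not part of EVFS: the EvfsModel class, its methods and the /data paths are hypothetical, and it assumes that a directory with no parameters of its own falls back to the mount point's parameters when a file is created in it.

```python
import posixpath

CIPHERS = {"aes-128-cfb", "aes-192-cfb", "aes-256-cfb"}  # valid -c values from the page
DISABLED = "disabled"

class EvfsModel:
    """Constructed model of the `set` inheritance rules; not EVFS code."""
    def __init__(self, mount, default_cipher="aes-128-cfb"):  # install-time default
        self.mount, self.default = mount, default_cipher
        self.dirs = {mount: None}  # path -> cipher, DISABLED, or None (no own parameters)
        self.files = {}            # path -> cipher at creation time, None = clear text

    def set(self, directory, cipher=None, disable=False):
        """Change one directory's parameters; existing entries are left untouched."""
        cipher = cipher or self.default
        if cipher not in CIPHERS:
            raise ValueError(f"invalid cipher: {cipher!r}")
        self.dirs[directory] = DISABLED if disable else cipher

    def mkdir(self, path):
        parent = self.dirs[posixpath.dirname(path)]
        # An enabled parent passes its parameters on; a disabled or unconfigured one does not.
        self.dirs[path] = parent if parent in CIPHERS else None

    def create(self, path):
        parent = self.dirs[posixpath.dirname(path)]
        if parent is None:  # assumption: fall back to the mount point's parameters
            top = self.dirs[self.mount]
            parent = top if top in CIPHERS else DISABLED
        self.files[path] = None if parent == DISABLED else parent
        return self.files[path]

def demo():
    fs = EvfsModel("/data")                      # constructed sample tree
    fs.mkdir("/data/proj")
    fs.create("/data/proj/old.txt")              # created before encryption is enabled
    fs.set("/data/proj", "aes-256-cfb")
    fs.create("/data/proj/new.txt")
    fs.mkdir("/data/proj/sub")
    fs.create("/data/proj/sub/f")
    fs.set("/data")                              # mount point, default cipher
    fs.set("/data/proj", disable=True)
    fs.create("/data/proj/after.txt")
    fs.mkdir("/data/proj/sub2")
    fs.create("/data/proj/sub2/f")
    return fs.files

if __name__ == "__main__":
    for path, cipher in demo().items():
        print(f"{path}: {cipher or 'clear text'}")
```

In the model's output, old.txt and after.txt are clear text while new.txt keeps aes-256-cfb after the directory is disabled, which is the case the NOTE describes: set changes what happens to new files only.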
Options
evfsfile recognizes the following options and parameters:
file The absolute path name of an encrypted file or clear-text file from an Encrypted File
System.
directory The absolute path name of the directory from an Encrypted File System.
-c cipher The cipher suite to use for file data encryption. Valid values are:
aes-128-cfb, aes-192-cfb, and aes-256-cfb.
When the -c option is not specified, the default value is extracted from the
file_cipher parameter of the evfs configuration file, evfs.conf (see evfs.conf(4)),
which is set to aes-128-cfb at install time.
-d Disable encryption on a given directory or file system.
-g group Specify the group for recovery.
-r When used with the evfsfile add subcommand, the -r option indicates that the key
being added/replaced is a recovery key.
When used with the evfsfile assign subcommand, the -r option is used to specify
the name of the file containing the private key of a recovery user.
-u user Specify the user for recovery.
RETURN VALUE
evfsfile returns one of the following values:
0 Success
<>0 Failure
Hewlett-Packard Company HP-UX 11i Version 3: September 2010