evfsfile.1 (2010 09)
e
evfsfile(1) evfsfile(1)
(EVFS Software Required)
EXAMPLES
The following command enables a directory /test_efs_mnt/efs_dir
for encryption, where the
/test_efs_mnt
is the mount point of an encrypted file system:
% evfsfile set /test_efs_mnt/efs_dir
The following command changes the cipher specified for a directory
/test_efs_mnt/efs_dir
to
aes-256-cfb where the /test_efs_mnt
is the mount point of an encrypted file system:
% evfsfile set -c aes-256-cbc /test_efs_mnt/efs_dir
The following command displays the encryption attributes for a directory enabled for encryption,
/test_efs_mnt/efs_dir
:
% evfsfile list /test_efs_mnt/efs_dir
The following command disables the directory /test_efs_mnt/efs_dir
for encryption:
% evfsfile set -d /test_efs_mnt/efs_dir
The following command lists the encryption attributes of an encrypted file,
/test_efs_mnt/efs_dir/efs_file
:
% evfsfile list /test_efs_mnt/efs_dir/efs_file
The following command encrypts the clear-text file /test_efs_mnt/clr_dir/clr_file
in an
encrypted file system with the cipher
aes-256-cfb. (Only the owner of the file is allowed to perform
this operation by being in secure session):
% evfsfile encrypt -c aes-256-cfb /test_efs_mnt/clr_dir/clr_file
The following command changes the encryption key of an encrypted file
/test_efs_mnt/efs_dir/efs_file
in an encrypted file system with the cipher aes-128-cfb.
(Only the owner of the file is allowed to perform this operation by being in secure session):
% evfsfile rekey -c aes-128-cfb /test_efs_mnt/enc_dir/enc_file
The following command decrypts an encrypted file /test_efs_mnt/efs_dir/efs_file
in an
encrypted file system. (Only the owner of the file is allowed to perform this operation by being in secure
session):
% evfsfile decrypt /test_efs_mnt/enc_dir/enc_file
The following command changes both the owner and group of an encrypted file
/test_efs_mnt/efs_dir/efs_file2
with the recovery private key file /evfs.priv. The
newowner will be
user1 and the new group will be grp1 (only a superuser can execute this command):
% evfsfile assign -r /evfs.priv -u user1 -g grp1
/test_efs_mnt/efs_dir/efs_file2
The following command adds the recovery key record to the encrypted file
/test_efs_mnt/efs_dir/efs_file3. (Only the owner of an encrypted file is allowed to perform
this operation):
% evfsfile add -r /test_efs_mnt/efs_dir/efs_file3
The following command synchronizes the UNIX DAC permissions with the EVFS access permissions of an
encrypted file
/test_efs_mnt/efs_dir/efs_file4
. (Only the superuser is allowed to perform
this operation):
% evfsfile sync /test_efs_mnt/efs_dir/efs_file4
AUTHOR
evfsfile was developed by Hewlett-Packard.
FILES
/etc/evfs/evfs.conf EVFS configuration information
SEE ALSO
evfsauth(1), evfspkey(1), evfs.conf(4), evfs(5).
HP-UX 11i Version 3: September 2010 − 3 − Hewlett-Packard Company 3