evfspkey.1 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

evfspkey(1) evfspkey(1)

(EVFS Software Required)

NAME

evfspkey - manages EVFS public/private keys and passphrases

SYNOPSIS

evfspkey add -u user [-g group]

evfspkey delete [-u user] -g group

evfspkey delete [-u user | -r

][-p][-k keyname]

evfspkey export [-r recovkey_ﬁle |

-u user [-k keyname ]|-g group]

[

-F pkcs12 | -F pem]

-f ﬁlename

evfspkey grpchk [-f]{-a |[

-u user][-g group ]}

evfspkey import -g group [-F pkcs12 |

-F pem] -f ﬁlename

evfspkey import [-r | -p [

-u user]|-s [-u user]] [-k keyname][-m keywrap ]

[

-F pkcs12 | -F pem] -f

ﬁlename

evfspkey keygen [-n][-c

cipher ]{-g group | -f ﬁlename}

evfspkey keygen [-r |[-p

[-u user ]|-s [-u user ]] [-c cipher ][-k

keyname][-m

keywrap ]

evfspkey loadkey -r

evfspkey lookup -g group

evfspkey lookup [-u user | -r][-k keyname]

evfspkey passgen {-d | -e}[-k keyname]

evfspkey passgen [-r recovkey_ﬁle | -f [-u user][-k keyname]|

-p [-u user][-k keyname][-m keywrap ]|

-s [-u user][-k keyname][-m keywrap ]

DESCRIPTION

The

evfspkey command enables users to create and manage their public/private key pairs and

passphrases. See evfs (5) for more information on the keys.

Always use the

evfspkey command to modify key and passphrase ﬁles. Do not edit key and passphrase

ﬁles directly.

The

evfspkey command requires the optional HP-UX Encrypted Volume and File System (EVFS)

software.

Subcommands

evfspkey recognizes the following subcommands:

add Add the group access key into the user’s key record if the group is the primary group of

this user. As a result, the user will have permissions granted to the group to read/write

encrypted ﬁles.

Only the key manager can perform this operation.

delete Remove a public/private key pair and or passphrase from the EVFS key database. If both

user and group are speciﬁed, the group access key will be removed from the user’s key

record without removing the key pair.

This subcommand also removes any existing passhprase ﬁle for the speciﬁed key.

export Export a user or group key pair from EVFS key database to a ﬁle in either PKCS#12 for-

mat or PEM format. If the option -F is not speciﬁed, the PKCS#12 format will be

assumed.

The key manager can export a group key or a user key. A key owner can export his/her

own key.

grpchk Check if group access keys are in those users’ key records whose primary group is the one

under process. You may check all group keys with the -a option, or specify speciﬁc user

and groups, with the -u and -g options.

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (4 pages)

PAGE 1
evfspkey(1) evfspkey(1) (EVFS Software Required) NAME evfspkey - manages EVFS public/private keys and passphrases SYNOPSIS evfspkey add -u user [-g group ] evfspkey delete [-u user ] -g group evfspkey delete [-u user | -r] [-p] [-k keyname ] evfspkey export [-r recovkey_file | -u user [-k keyname ] | -g group] [-F pkcs12 | -F pem] -f filename evfspkey grpchk [-f] {-a | [-u user ] [-g group ]} evfspkey import -g group [-F pkcs12 | -F pem] -f filename evfspkey import [-r | -p [-u user] | -s [-u user]] [-k
PAGE 2
evfspkey(1) evfspkey(1) (EVFS Software Required) import Import a user or group key pair into EVFS key database from a file in either PKCS#12 format or PEM format. If the option -F is not specified, the PKCS#12 format will be assumed. The key manager can import a group key or a user key. A key owner can import his/her own key. keygen Generate a public/private key pair and add them to the EVFS key database. Only RSA keys are supported. The key size can be 1024, 1536 or 2048.
PAGE 3
evfspkey(1) evfspkey(1) (EVFS Software Required) -g group Specifies the name of the group. You must be a key manager to perform any group key related operations. -k keyname Specifies the name of the public/private key pair. The private key file name is keyname .priv, the public key file name is keyname.pub, and the passphrase file name is keyname .id. If no key name is specified then the user name is used as the default key name. If a key pair with the same name already exists, key generation fails.
PAGE 4
evfspkey(1) evfspkey(1) (EVFS Software Required) The following command changes the passphrase and creates passphrase file for the key pair rootkey. The evfspkey utility will prompt the user for a new passphrase, and will prompt the user for the existing passphrase if a passphrase file does not already exist: % evfspkey passgen -p -k rootkey The following command creates a stored passphrase file for the key pair rootkey for the existing passphrase (it does not change the passphrase).