evfspkey.1 (2010 09)

evfspkey(1) evfspkey(1)
(EVFS Software Required)
import Import a user or group key pair into EVFS key database from a file in either PKCS#12 format or PEM format. If the option -F is not specified, the PKCS#12 format will be assumed.
The key manager can import a group key or a user key. A key owner can import his/her
own key.
keygen Generate a public/private key pair and add them to the EVFS key database. Only RSA
keys are supported. The key size can be 1024, 1536 or 2048.
User key data is by default stored locally under the /etc/evfs/pkey/users directory while group key data is stored under the /etc/evfs/pkey/groups directory.
The administrator can configure alternate local or remote storage directories for public keys, private keys, and stored passphrases using the pub_key, priv_key, and pass_key directories in the /etc/evfs/evfs.conf file.
EVFS creates a users subdirectory for all user keys, and a groups subdirectory for all group keys. It then creates a subdirectory under users for each user that creates EVFS keys, using the user name as the directory name. EVFS also creates a subdirectory under groups for each group that has an EVFS key, using the group name as the directory name.
loadkey Loads EFS recovery key into the kernel. The pre-existing recovery key will be overwritten if there is one.
You must have superuser or appropriate privileges to perform this operation.
lookup Queries the key database and searches for a specific public/private key pair.
passgen Store, create, or change a passphrase file in the EVFS key database. The passphrase file is used for the autostart feature to enable an EVFS volume automatically at system startup time.
The module used for encrypting the passphrase is specified in the /etc/evfs/evfs.conf file.
Caution: Stored passphrases provide convenience, but they are security risks.
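The following is an added example, not part of the original manual page or of EVFS: a POSIX shell function that audits a key storage tree laid out as described under keygen (a users and a groups subdirectory, each holding one subdirectory per owner). The function name evfs_key_audit and the policy that nothing in the tree should be accessible to "other" are assumptions; the page does not state which permissions EVFS sets.

```shell
# Added example: audit an EVFS key storage tree (default /etc/evfs/pkey).
# Assumed policy: no entry under users/ or groups/ grants any access to "other".
# Prints one finding per line; returns 0 if the tree is clean, 1 otherwise.
evfs_key_audit() {
    root=${1:-/etc/evfs/pkey}
    report=$(
        for kind in users groups; do
            dir=$root/$kind
            if [ ! -d "$dir" ]; then
                echo "MISSING $dir"
                continue
            fi
            # Entries directly under users/ or groups/ should be per-owner directories.
            for entry in "$dir"/*; do
                [ -e "$entry" ] || [ -L "$entry" ] || continue
                [ -d "$entry" ] && [ ! -L "$entry" ] || echo "STRAY $entry"
            done
            # Any read, write or execute/search bit set for "other".
            find "$dir" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
                -exec echo "OTHER-ACCESS" {} \;
            # Symbolic links can redirect key reads or writes outside the tree.
            find "$dir" -type l -exec echo "SYMLINK" {} \;
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

If pub_key, priv_key, or pass_key point to alternate directories, run the function once per configured directory.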
Options
evfspkey recognizes the following options and parameters:
-a Checks all group keys for the grpchk operation.
-c cipher Specifies the type of key to generate. Valid values are: rsa-1024, rsa-1536, and rsa-2048.
-d Disables the key manager’s capability to reset a key passphrase for a user by entering the
key manager’s passphrase (i.e. the key owner’s old passphrase is not required).
-e Enables the key manager’s capability to reset a key passphrase for a user by entering the
key manager’s passphrase (i.e. the key owner’s old passphrase is not required).
-F Specify the valid format for importing/exporting a key pair. Valid values: pkcs12 or pem.
-f For the keygen subcommand, this option specifies a file name which contains group names with one name per line. The subcommand reads group names from the file and creates group keys for each one of them. This allows the key manager to create multiple group keys with one operation.
For the passgen subcommand, this option generates a stored passphrase file, but does not change the current passphrase. The evfspkey command prompts the user for the current passphrase.
For the import subcommand, this option specifies the file name which contains the key in PKCS#12 or PEM format. The import subcommand imports the key from this file.
For the export subcommand, this option specifies the file name in which to store the exported key.
For the grpchk subcommand, this option adds group access keys to members whose primary group is one of the groups being processed.
2 Hewlett-Packard Company 2 HP-UX 11i Version 3: September 2010