evfspkey.1 (2010 09)
evfspkey(1) evfspkey(1)
(EVFS Software Required)
-g group Specifies the name of the group. You must be a key manager to perform any group key
related operations.
-k keyname Specifies the name of the public/private key pair. The private key file name is
keyname.priv, the public key file name is keyname.pub, and the passphrase file name
is keyname.id.
If no key name is specified then the user name is used as the default key name. If a key
pair with the same name already exists, key generation fails.
-m keywrap Specifies the module used to encrypt/decrypt private keys. This option overrides the
module specified in the /etc/evfs/evfs.conf file.
Valid values: evfs-pbe1 (AES-128-SHA2) or evfs-pbe2 (AES-256-SHA2).
-n Requests not to automatically add the group access key to its members when a group key
is created.
-p Changes or creates the passphrase, and stores the new passphrase in a passphrase file.
The evfspkey command prompts the user for a new passphrase. If a stored passphrase
file does not already exist, evfspkey also prompts the user for the current passphrase.
-r Specifies the recovery pseudo-user. EVFS stores the public key in the key storage
database, and saves the private key in the current working directory with the name
keyname.priv or evfs.priv, by default.
It is recommended that you store this private key offline. Copy the private key to
removable media and delete the private key file on the local system.
recovkey_file Specifies the path name of the recovery private key file.
-s Generates a random passphrase for the user, and stores the new passphrase. If a stored
passphrase file does not already exist, evfspkey prompts the user for the current
passphrase.
-u user Specifies the name of the user. By default, the user name of the user running the
command is used. You must have superuser or appropriate privileges to create a key for
another user (for example: the key manager).
RETURN VALUE
evfspkey returns one of the following values:
0 Success
<>0 Failure
ERRORS
Errors will be printed to standard error.
EXAMPLES
The following command generates a new 1024-bit RSA key pair and stores it in the key database. The
evfspkey utility will prompt the user for a passphrase:
% evfspkey keygen -c rsa-1024 -k mykey
The following command adds a key pair for user jdoe into the key database (you must have superuser
capabilities or appropriate privileges to create a key pair for another user). The evfspkey utility will
prompt the user for a passphrase:
% evfspkey keygen -u jdoe -k jdoekey
The following command adds a new recovery key pair to the key database. The key name is specified in
the /etc/evfs/evfs.conf file (the default is evfs):
% evfspkey keygen -r
The following command creates a key pair and a passphrase file by prompting the user:
% evfspkey keygen -p -k adminkey
The following command creates a key pair and a passphrase file using a random passphrase:
% evfspkey keygen -s -k testkey
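The -r description recommends copying the recovery private key to removable media and deleting the local file. The following shell function is an added example, not part of the EVFS documentation: it removes the local key only after the copy has been verified. The function name and the media mount point are hypothetical, and the media is assumed to be already mounted.

```shell
#!/bin/sh
# Added example (not from the EVFS documentation).
# Assumptions: the recovery private key was written to the current working
# directory by "evfspkey keygen -r" (evfs.priv by default, per the -r text),
# and the removable media is mounted at the directory passed as $2.

move_recovery_key_offline() {
    src=$1                              # for example ./evfs.priv
    media=$2                            # mount point of the removable media
    dest=$media/$(basename "$src")

    [ -f "$src" ] || { echo "no private key file: $src" >&2; return 1; }
    [ -d "$media" ] && [ -w "$media" ] || {
        echo "media not writable: $media" >&2; return 1; }
    # Never overwrite a recovery key that is already on the media.
    [ ! -e "$dest" ] || { echo "refusing to overwrite $dest" >&2; return 1; }

    # Create the copy with owner-only permissions from the start.
    ( umask 077 && cp "$src" "$dest" ) || { rm -f "$dest"; return 1; }

    # Delete the local file only after a byte-for-byte comparison succeeds,
    # so a failed or truncated copy never leaves you without the key.
    if cmp -s "$src" "$dest"; then
        # rm unlinks the file; it does not overwrite the disk blocks.
        rm -f "$src"
    else
        echo "copy does not match; local key kept" >&2
        rm -f "$dest"
        return 1
    fi
}
```

Call it as `move_recovery_key_offline ./evfs.priv /mnt/usb` (constructed paths) from the directory where the key was generated.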
HP-UX 11i Version 3: September 2010    Hewlett-Packard Company