1 EVFS Introduction

This chapter provides introductory information about the Encrypted Volume and File System (EVFS) product. This chapter addresses the following topics:

“Features and Benefits” (page 17)

“EVFS Architecture” (page 19)

“Supported Software” (page 26)

“Product Limitations and Precautions” (page 27)

“Known Problems” (page 29)

“Feedback and Enhancement Requests” (page 30)

Features and Benefits

EVFS protects data at rest (data on disks) by encrypting data volumes. You can also use EVFS to create encrypted backup media. EVFS prevents anyone who gains unauthorized physical access to storage media from reading or using the data.

EVFS creates EVFS volumes, which are pseudo-devices (or virtual devices) layered on Logical Volume Manager (LVM), Veritas Volume Manager (VxVM), or physical volume devices. You can use the newfs command to create a file system on an EVFS volume just as you would create a file system on an LVM, VxVM, or physical volume. The EVFS subsystem encrypts data written to an EVFS volume and decrypts data read from an EVFS volume as needed.

EVFS provides the following features:

Data protection that is file-system independent.

EVFS supports all disk file system types that can be mounted on an LVM, VxVM, or physical volume, including High Performance File System (HFS) and Veritas File System (VxFS, also referred to as Journaled File System, or JFS).

Application transparency.

EVFS volumes are implemented as pseudo-devices below the HP-UX file system. No changes to applications are necessary. EVFS is compatible with network file sharing utilities, such as Network File System (NFS) and Common Internet File System (CIFS), and with network file access utilities, such as File Transfer Protocol (FTP) and remote copy (rcp).

High-performance bulk data encryption using symmetric keys.

EVFS encrypts volume data using a symmetric encryption key, referred to as the volume encryption key. EVFS supports the following symmetric key algorithms for encrypting volume data:

128-bit key Advanced Encryption Standard Cipher Block Chaining (AES CBC) mode

192-bit key AES CBC mode

256-bit key AES CBC mode

Public/private keys for symmetric key storage.

EVFS uses a public/private key pair to store volume encryption keys: the volume encryption key is stored encrypted under the public key and recovered with the private key. EVFS supports the following public/private key encryption algorithms:

1024-bit key Rivest-Shamir-Adleman (RSA)

1536-bit key RSA

2048-bit key RSA
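The key hierarchy described in this section (an AES-CBC volume encryption key, stored wrapped under the user's RSA public key, with the private key itself kept encrypted under a passphrase) modelled end to end. This is an added example, not EVFS code: it assumes the third-party Python "cryptography" package, RSA-OAEP as the wrapping padding, and a sector-number-derived CBC IV, none of which the page specifies.

```python
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

# Padding used to wrap the volume key under the user's public key.
# RSA-OAEP is an assumption for this example; the page does not state EVFS's padding.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)


def make_user_keypair(passphrase: bytes, bits: int = 2048):
    """Generate the user's RSA key pair (1024/1536/2048 bits per the page) and
    return the public key plus the private key stored encrypted under the
    passphrase, the way EVFS keeps private keys."""
    priv = rsa.generate_private_key(public_exponent=65537, key_size=bits)
    protected_pem = priv.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.BestAvailableEncryption(passphrase),
    )
    return priv.public_key(), protected_pem


def wrap_volume_key(pub, key_bits: int = 256):
    """Create a random AES volume encryption key (128/192/256 bits) and wrap it
    under the public key; only the wrapped copy would ever be stored on disk."""
    vek = os.urandom(key_bits // 8)
    return vek, pub.encrypt(vek, OAEP)


def unwrap_volume_key(protected_pem: bytes, passphrase: bytes, wrapped: bytes) -> bytes:
    """Recover the volume key: passphrase -> private key -> volume key.
    A wrong passphrase fails at the first step and raises ValueError."""
    priv = serialization.load_pem_private_key(protected_pem, password=passphrase)
    return priv.decrypt(wrapped, OAEP)


def crypt_sector(vek: bytes, sector_no: int, data: bytes, encrypt: bool) -> bytes:
    """AES-CBC over one block-aligned sector (the bulk data path). Deriving the
    IV from the sector number is an assumed scheme for illustration only."""
    iv = sector_no.to_bytes(16, "big")
    cipher = Cipher(algorithms.AES(vek), modes.CBC(iv))
    op = cipher.encryptor() if encrypt else cipher.decryptor()
    return op.update(data) + op.finalize()
```

Note that the volume key never leaves memory in the clear: what reaches disk is the wrapped key and the passphrase-protected private key, which is why losing the passphrase (or the key pair) makes the volume unrecoverable.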

Passphrase storage and retrieval for automatic start (autostart).

EVFS encrypts private keys with passphrases. In normal operation, EVFS prompts the user for the passphrase to decrypt and retrieve the private key. To enable EVFS operation during system startup without human intervention, EVFS provides a mechanism to store a user's

Features and Benefits 17

HP UX Encrypted Volume and Filesystem (EVFS) manual Evfs Introduction, Features and Benefits