Step 3: (Optional) Modifying EVFS Global Parameters

Edit the /etc/evfs/evfs.conf file to modify EVFS global parameters. This step is optional, and you can use the default attribute values for most installations. Three attributes you might want to modify are:

data_cipher

The data_cipher attribute specifies the default data encryption algorithm (the algorithm EVFS uses to encrypt volume data). You can also specify the data encryption algorithm when you enter the evfsvol create command, as described in “Step 1: Configuring an EVFS Volume” (page 51).

Valid values:

aes-128-cbc (128-bit AES CBC)
aes-192-cbc (192-bit AES CBC)
aes-256-cbc (256-bit AES CBC)

A longer key length provides more security, but slows data transfer rates.

Default: aes-128-cbc

emd_backup

The emd_backup attribute specifies the directory EVFS uses to store backup images of EMD data.

Default: /etc/evfs/emd

pbe

The pbe attribute specifies the encryption library EVFS uses to secure EVFS private keys. On systems with HP-UX Trusted Computing Services (TCS), you can modify this attribute so that EVFS uses TCS to secure EVFS private keys.

For more information about using TCS with EVFS, see the HP-UX TCS product documentation.

For a complete list of global parameters, see evfs.conf(4).

42 Preparing EVFS for Configuration
