In the following example, the user creates a second recovery key. The evfspkey utility saves the private key in the current directory with the file name evfs2.priv. Store this file offline.

# evfspkey keygen -c rsa-2048 -r -k evfs2

Creating Keys for authorized users

Creating keys for authorized users is optional. A user with an authorized user key can enable and disable encryption and decryption access to an EVFS volume, but cannot change the EVFS volume owner, destroy a volume, or add keys to or delete keys from a volume.

Use the following evfspkey keygen command to create key pairs for authorized users:

evfspkey keygen [-p|-s] [-c cipher] [-u user] [-k keyname]

where:

-p
    Causes evfspkey to prompt for a passphrase. The evfspkey utility will prompt you for a passphrase and store the passphrase in an encrypted file. The passphrase must contain at least eight characters.

    CAUTION: A stored passphrase enables you to use the EVFS autostart feature but it is a security risk.

-s
    Causes evfspkey to generate a passphrase automatically. The evfspkey utility will generate a passphrase for you and store the passphrase in an encrypted file.

-c cipher
    Specifies the type of public/private (cipher) keys to create.

    Valid values:
        rsa-1024 (RSA 1024-bit keys)
        rsa-1536 (RSA 1536-bit keys)
        rsa-2048 (RSA 2048-bit keys)

    Default: rsa-1536

-u user
    Specifies the user name of the key owner. If you do not specify -u user, evfspkey uses your user name as the key owner. You must have superuser capability or the appropriate privileges to create a key pair for another user.

-k keyname
    Specifies the key name. If you do not specify -k keyname, evfspkey uses the user name as the key name.

    Valid value: An ASCII string, 1 to 255 characters long.

Examples

In the following example, the root user creates a key for the user init with the key name initkey. The key will be used for the autostart feature. The evfspkey utility generates a passphrase and stores the passphrase.

# evfspkey keygen -s -u init -k initkey

Public/Private key pair "init.initkey" has been successfully generated.

In the following example, the root user creates a key for the user mittal-musa. The key name is also mittal-musa.

# evfspkey keygen -u mittal-musa
Enter passphrase: (enter a passphrase)
Re-enter passphrase: (re-enter the passphrase to confirm it)
Public/Private key pair "mittal-musa.mittal-musa" has been successfully generated.
