evfsvol create -k keyname [-c cipher] evfs_volume_path

where:

-k keyname
    Specifies the key pair name. The evfsvol utility creates the EMD area with the keyname as the owner key. For information about user keys, see "Step 5: Creating User Key Pairs" (page 44).

-c cipher
    Specifies the cipher (cryptography) algorithm EVFS uses to encrypt the volume data.

    Valid values:
        aes-128-cbc (128-bit AES CBC)
        aes-192-cbc (192-bit AES CBC)
        aes-256-cbc (256-bit AES CBC)

    A longer key length provides a larger security margin, but it lowers data transfer rates.

    Default: The value of the data_cipher attribute in the /etc/evfs/evfs.conf file. The default value for this attribute is aes-128-cbc.

evfs_volume_path
    Specifies the absolute pathname for the EVFS volume device file, such as /dev/evfs/vg01/lvol5, /dev/evfs/vx/dsk/rootdg/vol05, or /dev/evfs/rdsk/c2t0d1.

CAUTION: The evfsvol create command overwrites any existing data on the volume.

If you have existing data that you want to protect with EVFS, you must use one of the following methods:

Use option 1 to create an EVFS volume on an unused LVM, VxVM, or physical volume and then copy the data to the EVFS volume.

Use option 2 to convert an existing volume into an EVFS volume.

For more information, see “Configuration Overview” (page 49).

When the evfsvol utility creates the EMD, it:

Reads operating parameters from the /etc/evfs/evfs.conf file, such as the data encryption algorithm for the volume, and writes them to the EMD.

Generates the volume encryption key (the symmetric key used to encrypt the volume data).

Creates a key record for the owner by encrypting the volume encryption key using the owner's public key. The evfsvol utility then writes this key record to the EMD.

Example

The root user enters the following evfsvol create command. EVFS creates the EMD and overwrites any existing data on the volume. The owner key for the volume will be root.rootkey1.

# evfsvol create -k rootkey1 /dev/evfs/vg01/lvol5
Enter owner passphrase: (Enter the passphrase for rootkey1.)
Encrypted volume "/dev/evfs/vg01/lvol5" has been successfully created.
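The following POSIX shell helper is an added example; it is not part of the HP EVFS manual or of HP's evfsvol tooling. It encodes the rules given above for evfsvol create: an explicit -c value wins, otherwise the data_cipher attribute in evfs.conf applies, otherwise the documented default aes-128-cbc; only the three listed ciphers are accepted; the volume must be an absolute /dev/evfs path. Because evfsvol create overwrites the volume, the helper never runs evfsvol itself but prints the exact create command (and, when a recovery key name is given, the evfsvol add -r follow-up that HP recommends in Step 1d) for the operator to review. The evfs.conf path, the key names and the function names are assumptions chosen for the example.

```shell
#!/bin/sh
# Pre-flight helper for "evfsvol create" (added example, not HP's code).
# Prints the commands to run; never executes evfsvol, since create
# destroys any existing data on the volume.

# resolve_cipher EXPLICIT CONF
# Explicit -c value wins; otherwise the data_cipher attribute from the
# given evfs.conf; otherwise the documented default aes-128-cbc.
resolve_cipher() {
    explicit=$1
    conf=$2
    if [ -n "$explicit" ]; then
        printf '%s\n' "$explicit"
        return 0
    fi
    if [ -r "$conf" ]; then
        # Match "data_cipher = aes-256-cbc", tolerating whitespace and a
        # trailing "# comment"; the last assignment in the file wins.
        c=$(sed -n 's/^[[:space:]]*data_cipher[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$conf" | tail -n 1)
        if [ -n "$c" ]; then
            printf '%s\n' "$c"
            return 0
        fi
    fi
    printf '%s\n' aes-128-cbc
}

# valid_cipher NAME: accept only the ciphers the manual lists.
valid_cipher() {
    case $1 in
        aes-128-cbc|aes-192-cbc|aes-256-cbc) return 0 ;;
        *) return 1 ;;
    esac
}

# valid_volume_path PATH: the manual requires the absolute pathname of
# the EVFS device file, which lives under /dev/evfs.
valid_volume_path() {
    case $1 in
        /dev/evfs/*) return 0 ;;
        *) return 1 ;;
    esac
}

# build_evfs_commands OWNER_KEY VOLUME CIPHER [RECOVERY_KEY]
# Validates the arguments and prints the create command, followed by the
# recommended "evfsvol add -r" when a recovery key name is supplied.
build_evfs_commands() {
    keyname=$1 vol=$2 cipher=$3 rkey=$4
    valid_cipher "$cipher" || { echo "unsupported cipher: $cipher" >&2; return 1; }
    valid_volume_path "$vol" || { echo "not an EVFS device path: $vol" >&2; return 1; }
    printf 'evfsvol create -k %s -c %s %s\n' "$keyname" "$cipher" "$vol"
    if [ -n "$rkey" ]; then
        printf 'evfsvol add -r -k %s %s\n' "$rkey" "$vol"
    fi
}

# Example (assumed key names and volume): resolve the cipher from the
# system evfs.conf, then print the commands for the operator to review.
#   cipher=$(resolve_cipher "" /etc/evfs/evfs.conf)
#   build_evfs_commands rootkey1 /dev/evfs/vg01/lvol5 "$cipher" recovery1
```

Run the helper, read the printed commands, and only then type them in as root; the passphrase prompt shown in the example above still applies when the real evfsvol create runs.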

Step 1d: (Optional) Adding Recovery Keys and Authorized User Keys

Optionally, use the evfsvol add command to add recovery and authorized user key pairs to the EVFS volume. HP recommends that you add a recovery key pair to each EVFS volume.

i. Use the following command to add a recovery key pair:

evfsvol add -r [-k keyname] evfs_volume_path

where:

Option 1: Creating a New EVFS Volume 53
