HP UX Encrypted Volume and Filesystem (EVFS) manual Changing Owner Keys for an Evfs Volume

4.Restore the public and private key files and any passphrase files with the following name, owner, group, and permissions:

•Public Key

—File name: key_storage_directory/user_name/key_name.pub

(/etc/evfs/pkey/user_name/key_name.pub if you are using the default key storage directory)

—Owner: the user name for the owner

—Group: sys

—Permissions: Readable and writable by the owner, readable by group, and readable by everyone else (644, or -rw-r--r--)

•Private Key:

—File name: key_storage_directory/user_name/key_name.priv

(/etc/evfs/pkey/user_name/key_name.priv if you are using the default key storage directory)

—Owner: the user name for the owner

—Group: sys

—Permissions: Readable and writable by only the owner (600, or -rw-------)

•Passphrase File:

—File name: key_storage_directory/user_name/key_name.pass.nnn

(/etc/evfs/pkey/user_name/key_name.pass.nnn if you are using the default key storage directory), where nnn is a number based on system-specific data

—Owner: the user name for the owner

—Group: sys

—Permissions: Readable and writable only by the owner (600, or -rw-------)

After you restore these files, a listing of the files shows output similar to the following:

#ll /etc/evfs/pkey/root total 32

192003-6e81-11d9-8b9e-b8f2666e6f49

Changing Owner Keys for an EVFS Volume

Use the following evfsvol assign command to change the owner or owner key of an EVFS volume. To execute this command, you must be the current owner of the EVFS volume or have the private key file for the volume recovery key. (The procedure for creating a recovery key is described in “Creating Recovery Keys” (page 45). The procedure for adding a recovery key to an EVFS volume is described in “Step 1d: (Optional) Adding Recovery Keys and authorized user Keys” (page 53).)

evfsvol assign -u newowner [-r recoveryprivkeyfile] [-k keyname] evfs_volume_path

86 Administering EVFS