This post briefly describes how to set up an Encrypted Filesystem (EFS) on AIX 6.1.
EFS offers 2 modes of operation:
Root Admin mode
This is the default mode. Root can reset user and group keystore passwords.
Root Guard mode
Root does not have access to users' encrypted files and cannot change their passwords.
Note: NFS exports of EFS filesystems are not supported.
RBAC has to be enabled. It should be enabled by default on AIX 6.1; if it is not, use chdev to enable it.
# lsattr -El sys0 | grep RBAC
enhanced_RBAC true Enhanced RBAC Mode True
CryptoLite needs to be installed:
# lslpp -l | grep clic
clic.rte.kernext 220.127.116.11 COMMITTED CryptoLite for C Kernel
clic.rte.lib 18.104.22.168 COMMITTED CryptoLite for C Library
clic.rte.kernext 22.214.171.124 COMMITTED CryptoLite for C Kernel
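A pre-flight check for the two prerequisites above, as an added example that is not part of the original post. The function names and the sample output are constructed for illustration; the fileset levels are placeholders.

```shell
#!/bin/sh
# Added example: pre-flight check for the EFS prerequisites listed above.
# The functions take command output as text, so saved output can be checked offline.

# Succeeds if `lsattr -El sys0` output reports enhanced_RBAC as true.
rbac_enabled() {
    printf '%s\n' "$1" |
        awk '$1 == "enhanced_RBAC" { on = ($2 == "true") } END { exit !on }'
}

# Prints each required CryptoLite fileset that has no COMMITTED or APPLIED
# entry in `lslpp -l` output (absent, or only in a state such as BROKEN).
missing_clic() {
    for fs in clic.rte.kernext clic.rte.lib; do
        printf '%s\n' "$1" |
            awk -v fs="$fs" '$1 == fs && ($3 == "COMMITTED" || $3 == "APPLIED") { ok = 1 }
                             END { exit !ok }' || printf '%s\n' "$fs"
    done
}

# $1 = lsattr output, $2 = lslpp output; returns non-zero if anything is missing.
efs_preflight() {
    rc=0
    if rbac_enabled "$1"; then
        echo "OK   enhanced RBAC is enabled"
    else
        echo "FAIL enhanced_RBAC is not true (enable it with chdev)"
        rc=1
    fi
    missing=$(missing_clic "$2")
    if [ -z "$missing" ]; then
        echo "OK   CryptoLite filesets are installed"
    else
        echo "FAIL CryptoLite filesets not installed:" $missing
        rc=1
    fi
    return $rc
}

# Constructed sample output (fileset levels are placeholders, not real versions).
SAMPLE_LSATTR='enhanced_RBAC true Enhanced RBAC Mode True'
SAMPLE_LSLPP='  clic.rte.kernext  N.N.N.N  COMMITTED  CryptoLite for C Kernel
  clic.rte.lib      N.N.N.N  COMMITTED  CryptoLite for C Library'

efs_preflight "$SAMPLE_LSATTR" "$SAMPLE_LSLPP"
# On AIX, check the live system with the commands from the post:
#   efs_preflight "$(lsattr -El sys0)" "$(lslpp -l | grep clic)"
```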
2. EFS Commands:
efsenable – Enables EFS on a given system. This is run only once.
efskeymgr – Encryption Key Management tool
efsmgr – File encryption and decryption