开发学院操作系统 Linux/Unix AIX 6 加密文件系统（Encrypted File System），第... 阅读

AIX 6 加密文件系统（Encrypted File System），第 6 部分：备份与恢复

　2008-09-06 08:19:58　来源：WEB开发网　　　

核心提示： 删除原始 file1、file2 和 file3， user6 使用 restore 命令恢复所有的文件，AIX 6 加密文件系统（Encrypted File System），第 6 部分：备份与恢复(7)，在进行恢复之后，所有的文件都保持了创建时的访问密钥， user6 可以使用活动密

删除原始 file1、file2 和 file3。

user6 使用 restore 命令恢复所有的文件。在进行恢复之后，所有的文件都保持了创建时的访问密钥。

正如 cat 命令所显示的，user6 仍然可以访问所有的文件。

正如 efskeymgr -D 和 efskeymgr -v 命令所显示的，已经删除了 key2，并将其从 user6 密钥存储库中删除。

再次删除 file1、file2 和 file3。

user6 使用 restore 命令成功地恢复了所有的文件。

正如 efskeymgr -o 和 efskeymgr -V 命令所显示的，任何新生成的 Shell 都不包含 key2。

user6 可以使用活动密钥 (key3) 访问 file3、使用已弃用的密钥 (key1) 访问 file1，但再不能够访问 file2，因为 key2 已经删除。

示例 4 除了文件之外还必须保存访问密钥

$ echo 1111 > file1 $ efsmgr -l file1 EFS File information: Algorithm:AES_128_CBC List of keys that can open the file: Key #1: Algorithm :RSA_1024 Who :uid 208 Key fingerprint :c566b5cf:04921ffa:1480a2bc:b34d48f3:c9cccb9c $ efskeymgr -v Keystore content: Keystore owner ............: uid 208 Keystore mode .............: admin:managed by EFS administrator Password changed last on ..: 05/11/07 at 16:10:19 Private key: Algorithm :RSA_1024 Fingerprint :c566b5cf:04921ffa:1480a2bc:b34d48f3:c9cccb9c Validity :This key is valid. $ efskeymgr -R RSA_1024 $ efskeymgr -o ksh user6's EFS password: $ touch file2 $ echo 2222> file2 EFS File information: Algorithm:AES_128_CBC List of keys that can open the file: Key #1: Algorithm :RSA_1024 Who :uid 208 Key fingerprint :ffcbef78:cf865d70:bfab5101:ab572d70:f3326d79 $ efskeymgr -R RSA_1024 $ efskeymgr -o ksh user6's EFS password: $ echo 3333> file3 $ efsmgr -l file3 EFS File information: Algorithm:AES_128_CBC List of keys that can open the file: Key #1: Algorithm :RSA_1024 Who :uid 208 Key fingerprint :340e3449:a1fb5712:6163de83:02c08db1:400d830e $ efskeymgr -v Keystore content: Keystore owner ............: uid 208 Keystore mode .............: admin:managed by EFS administrator Password changed last on ..: 05/11/07 at 16:10:19 Private key: Algorithm :RSA_1024 Fingerprint :340e3449:a1fb5712:6163de83:02c08db1:400d830e Validity :This key is valid. Private key: Algorithm :RSA_1024 Fingerprint :ffcbef78:cf865d70:bfab5101:ab572d70:f3326d79 Validity :This key was deprecated on 05/11/07 at 16:41:27. Private key: Algorithm :RSA_1024 Fingerprint :c566b5cf:04921ffa:1480a2bc:b34d48f3:c9cccb9c Validity :This key was deprecated on 05/11/07 at 16:33:10. $ ls file*|backup -ivZf archive Mount volume 1 on archive. Press Enter to continue. Backing up to archive. Cluster 51200 bytes (100 blocks). Volume 1 on archive a 4096 file1 a 4096 file2 a 4096 file3 The total size is 12288 bytes. Backup finished on Fri May 11 17:03:46 CDT 2007; there are 100 blocks on 1 volumes. $ rm file* $ restore -xvf archive Please mount volume 1 on archive. Press the Enter key to continue. New volume on archive: Cluster size is 51200 bytes (100 blocks). The volume number is 1. The backup date is:Fri May 11 17:03:45 CDT 2007 Files are backed up by name. The user is root. x 4096 file1 x 4096 file2 x 4096 file3 The total size is 12288 bytes. The number of restored files is 3. $ efsmgr -l file1 EFS File information: Algorithm:AES_128_CBC List of keys that can open the file: Key #1: Algorithm :RSA_1024 Who :uid 208 Key fingerprint :c566b5cf:04921ffa:1480a2bc:b34d48f3:c9cccb9c $ efsmgr -l file2 EFS File information: Algorithm:AES_128_CBC List of keys that can open the file: Key #1: Algorithm :RSA_1024 Who :uid 208 Key fingerprint :ffcbef78:cf865d70:bfab5101:ab572d70:f3326d79 $ efsmgr -l file3 EFS File information: Algorithm:AES_128_CBC List of keys that can open the file: Key #1: Algorithm :RSA_1024 Who :uid 208 Key fingerprint :340e3449:a1fb5712:6163de83:02c08db1:400d830e $ cat file* 1111 2222 3333 $ efskeymgr -D ffcbef78:cf865d70:bfab5101:ab572d70:f3326d79 $ efskeymgr -v Keystore content: Keystore owner ............: uid 208 Keystore mode .............: admin:managed by EFS administrator Password changed last on ..: 05/11/07 at 16:10:19 Private key: Algorithm :RSA_1024 Fingerprint :340e3449:a1fb5712:6163de83:02c08db1:400d830e Validity :This key is valid. Private key: Algorithm :RSA_1024 Fingerprint :c566b5cf:04921ffa:1480a2bc:b34d48f3:c9cccb9c Validity :This key was deprecated on 05/11/07 at 16:33:10. $ rm file* $ restore -xvf archive Please mount volume 1 on archive. Press the Enter key to continue. New volume on archive: Cluster size is 51200 bytes (100 blocks). The volume number is 1. The backup date is:Fri May 11 17:03:45 CDT 2007 Files are backed up by name. The user is root. x 4096 file1 x 4096 file2 x 4096 file3 The total size is 12288 bytes. The number of restored files is 3. $ efskeymgr -o ksh $ cat file* 1111 cat:0652-050 Cannot open file2. 3333 示例 5 使用活动的用户密钥对文件进行重新加密 $ efskeymgr -v Keystore content: Keystore owner ............: uid 208 Keystore mode .............: admin:managed by EFS administrator Password changed last on ..: 05/11/07 at 16:10:19 Private key: Algorithm :RSA_1024 Fingerprint :340e3449:a1fb5712:6163de83:02c08db1:400d830e Validity :This key is valid. Private key: Algorithm :RSA_1024 Fingerprint :c566b5cf:04921ffa:1480a2bc:b34d48f3:c9cccb9c Validity :This key was deprecated on 05/11/07 at 16:33:10. $ efsmgr -l file1 EFS File information: Algorithm:AES_128_CBC List of keys that can open the file: Key #1: Algorithm :RSA_1024 Who :uid 208 Key fingerprint :c566b5cf:04921ffa:1480a2bc:b34d48f3:c9cccb9c $ efsmgr -e file1 $ efsmgr -l file1 EFS File information: Algorithm:AES_128_CBC List of keys that can open the file: Key #1: Algorithm :RSA_1024 Who :uid 208 Key fingerprint :340e3449:a1fb5712:6163de83:02c08db1:400d830e