AIX 6 加密文件系统(Encrypted File System),第 6 部分:备份与恢复
2008-09-06 08:19:58 来源:WEB开发网 闂傚倸鍊搁崐椋庢濮橆兗缂氱憸宥堢亱闂佸湱铏庨崰鏍不椤栫偞鐓ラ柣鏇炲€圭€氾拷
闂傚倸鍊搁崐椋庣矆娓氣偓楠炲鏁撻悩鎻掔€梺姹囧灩閻忔艾鐣烽弻銉︾厵闁规鍠栭。濂告煕鎼达紕校闁靛洤瀚伴獮鎺楀箣濠靛啫浜鹃柣銏⑶圭壕濠氭煙閻愵剚鐏辨俊鎻掔墛缁绘盯宕卞Δ鍐冣剝绻涘畝濠佺敖缂佽鲸鎹囧畷鎺戭潩閹典焦鐎搁梻浣烘嚀閸ゆ牠骞忛敓锟�
婵犵數濮烽弫鍛婃叏椤撱垹绠柛鎰靛枛瀹告繃銇勯幘瀵哥畼闁硅娲熷缁樼瑹閳ь剙岣胯鐓ら柕鍫濇偪濞差亜惟闁宠桨鑳堕崝锕€顪冮妶鍡楃瑐闁煎啿鐖奸崺濠囧即閵忥紕鍘梺鎼炲劗閺呮稒绂掕缁辨帗娼忛埡浣锋闂佽桨鐒﹂幑鍥极閹剧粯鏅搁柨鐕傛嫹闂傚倸鍊搁崐椋庢濮橆兗缂氱憸宥堢亱闂佸湱铏庨崰鏍不椤栫偞鐓ラ柣鏇炲€圭€氾拷 闂傚倸鍊搁崐鐑芥嚄閼哥數浠氱紓鍌欒兌缁垶銆冮崨鏉戠厺鐎广儱顦崡鎶芥煏韫囨洖校闁诲寒鍓熷铏圭磼濡搫顫岄梺鍦拡閸嬪棝鎯€椤忓浂妯勯梺鍝勬湰濞叉ḿ鎹㈠┑濠勭杸闁哄洨濮烽悰銉╂⒒娴e搫甯跺鐟帮攻缁傚秴饪伴崼姘e亾閺冨牆绀冩い蹇庣娴滈箖鏌ㄥ┑鍡涱€楀褜鍠栭湁闁绘ɑ鐟ョ€氼喚绮绘ィ鍐╃厱妞ゆ劑鍊曢弸搴ㄦ煟韫囧鍔滈柕鍥у瀵潙螣閸濆嫬袝婵$偑鍊戦崹娲偡閳哄懎绠栭柍鈺佸暞閸庣喖鏌曢崶褍绨婚柟鍑ゆ嫹
删除原始 file1、file2 和 file3。
user6 使用 restore 命令恢复所有的文件。在进行恢复之后,所有的文件都保持了创建时的访问密钥。
正如 cat 命令所显示的,user6 仍然可以访问所有的文件。
正如 efskeymgr -D 和 efskeymgr -v 命令所显示的,已经删除了 key2,并将其从 user6 密钥存储库中删除。
再次删除 file1、file2 和 file3。
user6 使用 restore 命令成功地恢复了所有的文件。
正如 efskeymgr -o 和 efskeymgr -V 命令所显示的,任何新生成的 Shell 都不包含 key2。
user6 可以使用活动密钥 (key3) 访问 file3、使用已弃用的密钥 (key1) 访问 file1,但再不能够访问 file2,因为 key2 已经删除。
示例 4 除了文件之外还必须保存访问密钥
$ echo 1111 > file1
$ efsmgr -l file1
EFS File information:
Algorithm:AES_128_CBC
List of keys that can open the file:
Key #1:
Algorithm :RSA_1024
Who :uid 208
Key fingerprint :c566b5cf:04921ffa:1480a2bc:b34d48f3:c9cccb9c
$ efskeymgr -v
Keystore content:
Keystore owner ............: uid 208
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 05/11/07 at 16:10:19
Private key:
Algorithm :RSA_1024
Fingerprint :c566b5cf:04921ffa:1480a2bc:b34d48f3:c9cccb9c
Validity :This key is valid.
$ efskeymgr -R RSA_1024
$ efskeymgr -o ksh user6's EFS password:
$ touch file2
$ echo 2222> file2
EFS File information:
Algorithm:AES_128_CBC
List of keys that can open the file:
Key #1:
Algorithm :RSA_1024
Who :uid 208
Key fingerprint :ffcbef78:cf865d70:bfab5101:ab572d70:f3326d79
$ efskeymgr -R RSA_1024
$ efskeymgr -o ksh user6's EFS password:
$ echo 3333> file3
$ efsmgr -l file3
EFS File information:
Algorithm:AES_128_CBC
List of keys that can open the file:
Key #1:
Algorithm :RSA_1024
Who :uid 208
Key fingerprint :340e3449:a1fb5712:6163de83:02c08db1:400d830e
$ efskeymgr -v
Keystore content:
Keystore owner ............: uid 208
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 05/11/07 at 16:10:19
Private key:
Algorithm :RSA_1024
Fingerprint :340e3449:a1fb5712:6163de83:02c08db1:400d830e
Validity :This key is valid.
Private key:
Algorithm :RSA_1024
Fingerprint :ffcbef78:cf865d70:bfab5101:ab572d70:f3326d79
Validity :This key was deprecated on 05/11/07 at 16:41:27.
Private key:
Algorithm :RSA_1024
Fingerprint :c566b5cf:04921ffa:1480a2bc:b34d48f3:c9cccb9c
Validity :This key was deprecated on 05/11/07 at 16:33:10.
$ ls file*|backup -ivZf archive
Mount volume 1 on archive.
Press Enter to continue.
Backing up to archive.
Cluster 51200 bytes (100 blocks).
Volume 1 on archive
a 4096 file1
a 4096 file2
a 4096 file3
The total size is 12288 bytes.
Backup finished on Fri May 11 17:03:46 CDT 2007; there are 100 blocks on 1 volumes.
$ rm file*
$ restore -xvf archive
Please mount volume 1 on archive.
Press the Enter key to continue.
New volume on archive:
Cluster size is 51200 bytes (100 blocks).
The volume number is 1.
The backup date is:Fri May 11 17:03:45 CDT 2007
Files are backed up by name.
The user is root.
x 4096 file1
x 4096 file2
x 4096 file3
The total size is 12288 bytes.
The number of restored files is 3.
$ efsmgr -l file1
EFS File information:
Algorithm:AES_128_CBC
List of keys that can open the file:
Key #1:
Algorithm :RSA_1024
Who :uid 208
Key fingerprint :c566b5cf:04921ffa:1480a2bc:b34d48f3:c9cccb9c
$ efsmgr -l file2
EFS File information:
Algorithm:AES_128_CBC
List of keys that can open the file:
Key #1:
Algorithm :RSA_1024
Who :uid 208
Key fingerprint :ffcbef78:cf865d70:bfab5101:ab572d70:f3326d79
$ efsmgr -l file3
EFS File information:
Algorithm:AES_128_CBC
List of keys that can open the file:
Key #1:
Algorithm :RSA_1024
Who :uid 208
Key fingerprint :340e3449:a1fb5712:6163de83:02c08db1:400d830e
$ cat file*
1111
2222
3333
$ efskeymgr -D ffcbef78:cf865d70:bfab5101:ab572d70:f3326d79
$ efskeymgr -v
Keystore content:
Keystore owner ............: uid 208
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 05/11/07 at 16:10:19
Private key:
Algorithm :RSA_1024
Fingerprint :340e3449:a1fb5712:6163de83:02c08db1:400d830e
Validity :This key is valid.
Private key:
Algorithm :RSA_1024
Fingerprint :c566b5cf:04921ffa:1480a2bc:b34d48f3:c9cccb9c
Validity :This key was deprecated on 05/11/07 at 16:33:10.
$ rm file*
$ restore -xvf archive
Please mount volume 1 on archive.
Press the Enter key to continue.
New volume on archive:
Cluster size is 51200 bytes (100 blocks).
The volume number is 1.
The backup date is:Fri May 11 17:03:45 CDT 2007
Files are backed up by name.
The user is root.
x 4096 file1
x 4096 file2
x 4096 file3
The total size is 12288 bytes.
The number of restored files is 3.
$ efskeymgr -o ksh
$ cat file*
1111
cat:0652-050 Cannot open file2.
3333
示例 5 使用活动的用户密钥对文件进行重新加密
$ efskeymgr -v
Keystore content:
Keystore owner ............: uid 208
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 05/11/07 at 16:10:19
Private key:
Algorithm :RSA_1024
Fingerprint :340e3449:a1fb5712:6163de83:02c08db1:400d830e
Validity :This key is valid.
Private key:
Algorithm :RSA_1024
Fingerprint :c566b5cf:04921ffa:1480a2bc:b34d48f3:c9cccb9c
Validity :This key was deprecated on 05/11/07 at 16:33:10.
$ efsmgr -l file1
EFS File information:
Algorithm:AES_128_CBC
List of keys that can open the file:
Key #1:
Algorithm :RSA_1024
Who :uid 208
Key fingerprint :c566b5cf:04921ffa:1480a2bc:b34d48f3:c9cccb9c
$ efsmgr -e file1
$ efsmgr -l file1
EFS File information:
Algorithm:AES_128_CBC
List of keys that can open the file:
Key #1:
Algorithm :RSA_1024
Who :uid 208
Key fingerprint :340e3449:a1fb5712:6163de83:02c08db1:400d830e
中查找“AIX 6 加密文件系统(Encrypted File System),第 6 部分:备份与恢复”更多相关内容
中查找“AIX 6 加密文件系统(Encrypted File System),第 6 部分:备份与恢复”更多相关内容更多精彩
赞助商链接
