Saturday, January 29, 2011

common EFS issues in AIX

Problem: Can't enable EFS on the system

# efsenable -a
/usr/lib/drivers/crypto/clickext: A file or directory in the path name does not exist.
Unable to load CLiC kernel extension. Please check your installation.

Solution:
Install CLiC filesets from AIX Expansion Pack CD

clic.rte
installp -l -d clic.rte
Fileset Name Level I/U Q Content
====================================================================
clic.rte.includes 4.3.0.0 I N usr
# CryptoLite for C Library Include File

clic.rte.kernext 4.3.0.0 I N usr,root
# CryptoLite for C Kernel

clic.rte.lib 4.3.0.0 I N usr
# CryptoLite for C Library


2) Problem: Can't view user's key:

$ efskeymgr -v
Problem initializing EFS framework.
Please check EFS is installed and enabled (see efsenable) on you system.
Error was: (EFS was not configured)

Solution:
Enable EFS on the system:
# efsenable -a
and give root's password when it asks for root's initial keystore.


3) Problem: Can't enable encryption inheritiance on a directory.
# efsmgr -E testdir
or
Can't enable encryption on a specific file
# efsmgr -e myfile

Problem initializing EFS framework.
Please check EFS is installed and enabled on you system.
Error was: (EFS was not configured)

Solution:
Make sure CLiC filesets are installed
Enable EFS on the system
Enable EFS and RBAC on the filesystem:

# chfs -a efs=yes /myfilesystem


4) Problem: Have enabled EFS on a filesystem but get error mounting:

# mount /efstest
The CLiC library (libclic.a) is not available. Install clic.rte and run 'efsenable -a'.

Solution:
Install CLiC filesets
Enable EFS on the system
Remount the filesystem



5) Problem: No encryption algorithms show up!
# efsenable -q
List of supported algorithms for keystores:
1
2
3

List of supported ciphers for files:
1
2
3
4
5
6

Solution:
Install CLiC filesets

# efsenable -q
List of supported algorithms for keystores:
1 RSA_1024
2 RSA_2048
3 RSA_4096

List of supported ciphers for files:
1 AES_128_CBC
2 AES_192_CBC
3 AES_256_CBC
4 AES_128_ECB
5 AES_192_ECB
6 AES_256_ECB

No comments:

Post a Comment