20.3 Creating an Encrypted Volume

NSS Encrypted Volume Support allows you to create encrypted NSS volumes using NSSMU version 3.20 build 940 or later. You can create encrypted user data volumes only after the installation or upgrade process.

If you choose to encrypt a volume, you cannot roll back the system to earlier versions of OES 2 without taking steps to preserve your data before the rollback. For information, see Section 20.8, Removing Encrypted Volumes.

WARNING: We strongly recommend that you verify that your system is working as desired before creating encrypted volumes on the system.

  1. In NSSMU, select Volumes, then press Enter.

  2. To create a new volume, press the Insert key.

    A query asks if you want to encrypt the volume.

  3. To encrypt the new volume, select Yes, then press Enter.

    NSS enables the Encrypted attribute for the volume, then prompts you to select the encryption key type for the volume.

  4. Select the encryption key type and enter a password, then enter the password again to verify it.

    The encryption password can be 2 to 16 standard ASCII characters, with a suggested minimum of 6. The password generates a 128-bit or 256-bit NICI key for encryption. The password persists for the life of the volume; it cannot be changed later.

  5. Set the volume size and other attributes, as desired.

    When you are done, the encrypted volume is active and mounted.
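Because the password entered in step 4 cannot be changed later, it is worth checking a candidate against the documented limits before typing it into NSSMU. The following is an added example, not part of the original documentation or of NSSMU; the function names are hypothetical, and it assumes "standard ASCII" means the 95 printable 7-bit characters.

```python
import getpass
import math
import string

# Limits quoted in step 4; they are the documented bounds, not NSSMU's own code.
MIN_LEN, MAX_LEN, SUGGESTED_MIN = 2, 16, 6
# Assumption: "standard ASCII" means printable 7-bit ASCII (0x20 to 0x7E).
ALLOWED = set(string.ascii_letters + string.digits + string.punctuation + " ")


def max_entropy_bits(length: int) -> float:
    """Best case: every character drawn uniformly at random from ALLOWED."""
    return round(length * math.log2(len(ALLOWED)), 1)


def check_password(candidate: str) -> dict:
    """Split findings into errors (outside the documented limits) and
    warnings (within limits, but risky for a password that is permanent)."""
    errors, warnings = [], []
    if not MIN_LEN <= len(candidate) <= MAX_LEN:
        errors.append(f"length {len(candidate)} is outside {MIN_LEN}-{MAX_LEN}")
    bad = sorted({c for c in candidate if c not in ALLOWED})
    if bad:
        errors.append("characters outside printable ASCII: "
                      + ", ".join(repr(c) for c in bad))
    if candidate != candidate.strip():
        warnings.append("leading or trailing space is easy to lose on re-entry")
    if len(candidate) < SUGGESTED_MIN:
        warnings.append(f"shorter than the suggested minimum of {SUGGESTED_MIN}")
    # The bound is only meaningful for a password that passed the hard checks.
    bits = None if errors else max_entropy_bits(len(candidate))
    return {"errors": errors, "warnings": warnings, "max_entropy_bits": bits}


if __name__ == "__main__":
    # getpass keeps the candidate out of shell history and off the screen.
    result = check_password(getpass.getpass("Candidate volume password: "))
    for kind in ("errors", "warnings"):
        for message in result[kind]:
            print(f"{kind[:-1]}: {message}")
    if result["max_entropy_bits"] is not None:
        print(f"upper bound on password entropy: {result['max_entropy_bits']} bits")
```

Under the stated character-set assumption, even a fully random 16-character password tops out at about 105 bits, which is below either key size, so the password length is the limiting factor rather than the key type.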

You must supply the encryption password for the volume on the first volume mount after a system boot or reboot. For information, see Section 20.4, Mounting an Encrypted NSS Volume with NSSMU.

For information about entering the password for a volume in a cluster, see Section 20.7, Using Encrypted Volumes in a Server Cluster.