20.3 Creating an Encrypted Volume

NSS Encrypted Volume Support allows you to create encrypted NSS volumes using NSSMU version 3.20 build 940 or later. You can create encrypted user data volumes only after the installation or upgrade process. You cannot encrypt the sys: volume.

EVS is supported by NSS volumes on NetWare 6.5 SP2 and later, OES NetWare and later, and OES SP1 Linux and later operating systems. If you choose to encrypt a volume, you cannot roll back the system to earlier versions of NetWare or OES Linux without taking steps to preserve your data before the rollback. For information, see Section 20.12, Removing Encrypted Volumes.

WARNING:We strongly recommend that you verify that your system is working as desired before creating encrypted volumes on the system.

  1. In NSSMU, select Volumes, then press Enter.

  2. To create a new volume, press the Insert key.

    A query asks if you want to encrypt the volume.

  3. To encrypt the new volume, select Yes, then press Enter.

    NSS enables the Encrypted attribute for the volume, then prompts you to enter a password for the volume.

  4. Enter an encryption password, then enter it again to verify it.

    The encryption password can be 2 to 16 standard ASCII characters, with a suggested minimum of 6. The password generates a 128-bit NICI key for encryption. The password persists for the life of the volume; it cannot be changed later.

  5. Set the volume size and other attributes, as desired.

    When you are done, the encrypted volume is active and mounted.

You must supply the encryption password for the volume on the first volume activation (or mount on Linux) after a system boot or reboot. For information, see Section 20.4, Mounting an Encrypted NSS Volume with NSSMU (Linux).

On NetWare, you can also enter the password as needed when you activate a volume from the command line. For information, see Section 20.6, Mounting Encrypted NSS Volumes with NSS Commands (Linux).

For information about entering the password for a volume in a cluster, see Section 20.10, Using Encrypted Volumes in a Server Cluster (Linux).