Encryption and inheritance

EFS is a feature of J2. The filesystem's efs option must be set to yes (see the mkfs and chfs commands).

J2 EFS automatically encrypts and decrypts user data. However, if a user has read access to an EFS-activated file but does not have the right key, then the user cannot read the file in the normal manner; if the user does not have a valid key, it is impossible to decrypt the data.

All cryptographic functions come from the CLiC kernel services and CLiC user libraries.

By default, a J2 File System is not EFS-enabled. A J2 File System must be EFS-enabled before File System EFS inheritance can be activated or any EFS encryption of user data can take place. A file is created as an encrypted file either explicitly with the efsmgr command or implicitly via EFS inheritance. EFS inheritance can be activated either at the File System level, at a Directory level, or both.

The ls command lists entries of an encrypted file with a preceeding e.

The cp and mv commands can handle metadata and encrypted data seamlessly across EFS-to-EFS and EFS-to-non-EFS scenarios.

The backup, restore, and tar commands and related commands can back up and restore encrypted data, including EFS meta-data used for encryption and decryption.