IBM Support

How to generate a new EFS user keystore

Troubleshooting


Problem

efskeymgr command generates errors when it is unable to read or access the user keystore.

Symptom


The efskeymgr command generates errors when it is unable to read or access the user keystore. Typical errors include, but may not be limited to:

# efskeymgr -o ksh
Encryption framework returned an error: Read keystore failed

# efskeymgr -o ksh
Encryption framework returned an error: Keystore does not exist

# efskeymgr -v
Encryption framework returned an error: Read keystore failed

# efskeymgr -V
There is no key loaded in the current process

Cause


A user's EFS keystore can become corrupted.

Environment

AIX V6.1 or 7.1 with EFS enabled.

Resolving The Problem

The above errors can typically be resolved by removing or renaming the user's keystore, then having the user log out and log back in to force EFS to generate a new keystore.

NOTE: su will not cause a new keystore to be created. The user must log off completely before logging back in. If you need to generate a new root user keystore, be sure to enable remote root login so that you can log in directly as the root user, or log in as root on the console, in order to generate a new keystore.



NOTE: After creating a new keystore, you will not be able to decrypt any files that were encrypted with the previous keys.

Example:

# mv /var/efs/users/root/keystore /var/efs/users/root/keystore.bad


# cd /var/efs/users/root
# ls -l
total 8
-rw------- 1 root system 0 Feb 01 11:24 .lock
-rw------- 1 root system 1914 Feb 01 11:24 keystore.bad

# exit

Log back in as the root user and a new keystore will be created.


****************************************************************
* Welcome to AIX Version 6.1 *
****************************************************************
# cd /var/efs/users/root
# ls -l
total 8
-rw------- 1 root system 0 Feb 01 11:24 .lock
-rw------- 1 root system 1914 Feb 01 11:30 keystore
-rw------- 1 root system 1914 Feb 01 11:24 keystore.bad
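
The rename step above, written as a shell function that refuses to overwrite an earlier keystore.bad. This is an added example, not IBM's code; the function name set_aside_keystore is hypothetical, and it assumes it is given the user's keystore directory as shown on this page (for example /var/efs/users/root).

```shell
# Added example (not from the original document): set aside a damaged EFS
# keystore without clobbering a backup made by an earlier attempt.
# set_aside_keystore is a hypothetical helper name.
# Usage: set_aside_keystore /var/efs/users/root
set_aside_keystore() {
    ks_dir=$1
    ks="$ks_dir/keystore"

    # Do not follow or move a symbolic link planted in place of the keystore.
    if [ -L "$ks" ]; then
        echo "$ks is a symbolic link; not touching it" >&2
        return 3
    fi
    # "Keystore does not exist" case: nothing to rename.
    if [ ! -e "$ks" ]; then
        echo "no keystore in $ks_dir" >&2
        return 2
    fi
    if [ ! -f "$ks" ]; then
        echo "$ks is not a regular file; not touching it" >&2
        return 3
    fi

    # Pick a destination name that is not already in use, so an older
    # keystore.bad is kept as it is.
    dest="$ks.bad"
    n=1
    while [ -e "$dest" ] || [ -L "$dest" ]; do
        dest="$ks.bad.$n"
        n=$((n + 1))
    done

    mv "$ks" "$dest" || return 1
    # Keep the owner-only mode seen in the listing above (-rw-------).
    chmod 600 "$dest" || return 1
    echo "$dest"
}
```

The function prints the name it moved the keystore to. The user still has to log off completely and log back in for a new keystore to be generated.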


Document Information

Modified date:
17 June 2018

UID

isg3T1012055