Nonstop Volume Level Encryption Guide
150 Opening data connection for nssukey (16.92.141.110,62452d).
226 Binary Transfer complete.
ftp: 1261 bytes sent in 0.00Seconds 1261.00Kbytes/sec.
ftp> put client.signed.der nssucert,0
200 PORT command successful.
150 Opening data connection for nssucert (16.89.93.70,63991d).
226 Binary Transfer complete.
ftp: 933 bytes sent in 0.00Seconds 466.50Kbytes/sec.
ftp>
ftp> quit
221 Goodbye.
p. Delete the temporary files in the C:\zencrypt directory and the directory itself:
C:\zencrypt> del *
C:\zencrypt\*, Are you sure (Y/N)? y
C:\zencrypt>cd ..
C:\> rmdir zencrypt
q. Log onto the NonStop system as SUPER.SUPER, volume to $SYSTEM.ZENCRYPT, and FUP
SECURE the files in the ZENCRYPT subvolume that you transferred. Using %045555 as the
secure-option sets the file security to "CCCC" and sets the CLEARONPURGE option to ON.
When these files are purged the data in the file will be physically deallocated by overwriting
the file space with blank data.
$SYSTEM.ZENCRYPT 25> fup secure zencrypt.*, %045555
$SYSTEM.ZENCRYPT 26> fileinfo zencrypt.*
$SYSTEM.ZENCRYPT
CODE EOF LAST MODIFIED OWNER RWEP PExt SExt
NSSUCERT 0 933 08JAN2010 16:24 255,255 CCCC 14 112
NSSUKEY 0 1261 08JAN2010 16:24 255,255 CCCC 14 112
NSSUPASS 101 2076 08JAN2010 16:24 255,255 CCCC 14 14
$SYSTEM.ZENCRYPT 27>
Now the NonStop system has these files: the NSSuser passphrase file (NSSUPASS), the NSSuser
private key file (NSSUKEY), and the NSSuser signed client certificate (NSSUCERT).
Go on to “H. Add local CA NSVLECA, other local CAs and known CAs to the key manager's
trusted CA list ” (page 40).
Installation steps 33