Encrypting JFS2 file systems

Beginning with AIX® Version 6.1, Encrypted File System (EFS) is supported on JFS2 file systems. EFS allows you to encrypt your data and control access to the data through keyed protection.

A key is associated with each user and is stored in a cryptographically protected key store. Upon successful login, the user's keys are loaded into the kernel and associated with the process credentials. To open an EFS-protected file, the process credentials are tested. If the process finds a key that matches the file protection, the process decrypts the file key and the file content.

By default, JFS2 file systems are not EFS-enabled. A JFS2 file system must be EFS-enabled before any data can be encrypted.