Manage the server encryption settings database.
More information about the cipher algorithms and transformations available for use may be found in the Java Cryptography Architecture Reference Guide available online at http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html, as well as the Standard Algorithm Name Documentation available at http://download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html.
encryption-settings supply-passphrase
encryption-settings list
encryption-settings list-ciphers
encryption-settings create --cipher-algorithm AES --key-length-bits 128 \
--set-preferred
encryption-settings delete --id DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
encryption-settings export --id DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 \
--output-file /tmp/exported-key --pin-file /tmp/exported-key.pin
encryption-settings import --input-file /tmp/exported-key \
--pin-file /tmp/exported-key.pin --set-preferred
encryption-settings set-preferred --id DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
Create a new encryption settings definition for use by the server. A new random key will be generated based on the provided settings
encryption-settings create --cipher-algorithm AES --key-length-bits 128 \
--set-preferred
-a {algorithm}
--cipher-algorithm {algorithm}
| Description | The cipher algorithm to use for encryption and decryption. This must be provided |
| Required | Yes |
| Multi-Valued | No |
-t {transformation}
--cipher-transformation {transformation}
| Description | The full cipher transformation that will be used for encryption and decryption. If this is not provided, then a default transformation will be used based on the specified cipher algorithm |
| Required | No |
| Multi-Valued | No |
-l {bits}
--key-length-bits {bits}
| Description | The length in bits of the encryption key that should be used for the encryption settings definition |
| Lower Bound | 1 |
| Required | Yes |
| Multi-Valued | No |
-p
--set-preferred
| Description | Make the new encryption settings definition preferred for subsequent encryption operations. If the new definition is the first definition, then it will automatically be set preferred |
Delete an encryption settings definition from the server. Note that the preferred encryption settings definition may not be deleted unless it is the only available definition
encryption-settings delete --id DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
-i {id}
--id {id}
| Description | The identifier for the encryption settings definition to remove |
| Required | Yes |
| Multi-Valued | No |
Export an encryption settings definition from the server so that it can be imported into another server
encryption-settings export --id DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 \
--output-file /tmp/exported-key --pin-file /tmp/exported-key.pin
-i {id}
--id {id}
| Description | The identifier for the encryption settings definition to export |
| Required | Yes |
| Multi-Valued | No |
-o {path}
--output-file {path}
| Description | The path of the output file to which the exported encryption settings should be written |
| Required | Yes |
| Multi-Valued | No |
-W {path}
--pin-file {path}
| Description | The path of the file containing the PIN that should be used to encrypt the exported encryption settings. If this is not provided, it will be interactively requested from the user |
| Required | No |
| Multi-Valued | No |
Import an encryption settings definition into the server
encryption-settings import --input-file /tmp/exported-key \
--pin-file /tmp/exported-key.pin --set-preferred
-i {path}
--input-file {path}
| Description | The path of the input file containing the encryption settings definition to import |
| Required | Yes |
| Multi-Valued | No |
-W {path}
--pin-file {path}
| Description | The path of the file containing the PIN that should be used to decrypt the exported encryption settings. If this is not provided, it will be interactively requested from the user |
| Required | No |
| Multi-Valued | No |
-p
--set-preferred
| Description | Make the new encryption settings definition preferred for subsequent encryption operations. If the new definition is the first definition, then it will automatically be set preferred |
List all of the encryption settings definitions available to the server
List all of the encryption ciphers available to the server
encryption-settings list-ciphers
Specify the preferred settings to use for encryption in the server
encryption-settings set-preferred --id DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
-i {id}
--id {id}
| Description | The identifier for the encryption settings definition to set as preferred |
| Required | Yes |
| Multi-Valued | No |
Interactively supply the passphrase needed to access the contents of the encryption settings database. This is only applicable if the server is configured to use a 'Wait for Passphrase' cipher stream provider
encryption-settings supply-passphrase
-V
--version
| Description | Display Identity Broker version information |
-H
--help
| Description | Display general usage information |
--help-debug
| Description | Display help for using debug options |
| Advanced | Yes |