Encrypts or decrypts data using a key generated from a user-supplied passphrase, a key generated from an encryption settings definition, or a key shared among servers in the topology. The data to be processed can be read from a file or standard input, and the resulting data can be written to a file or standard output. This can be used to encrypt and subsequently decrypt arbitrary data, but it can also be used to decrypt encrypted backups, LDIF exports, and log files generated by the server.
encrypt-file
encrypt-file --input-file unencrypted.input --output-file encrypted.output \
     --compress-output --prompt-for-passphrase
encrypt-file --decrypt --input-file encrypted.input \
     --output-file decrypted.output --decompress-input \
     --passphrase-file encryption-key-passphrase.txt
encrypt-file --decrypt --input-file encrypted.input \
     --output-file decrypted.output
-V
--version
Description | Display Directory Server version information |
-H
--help
Description | Display general usage information |
--help-debug
Description | Display help for using debug options |
Advanced | Yes |
-i {path}
--input-file {path}
Description | The path to the file containing the data to be encrypted or decrypted. The specified file must exist. If this argument is not provided, then the data will be read from standard input, and it is expected that the input will be piped in from another command |
Required | No |
Multi-Valued | No |
-o {path}
--output-file {path}
Description | The path to the file to which the encrypted or decrypted data should be written. If the file already exists, it will be overwritten. If the file does not exist, then its parent directory must exist. If this argument is not provided, then the data will be written to standard output, and it is expected that the output will be piped into another command or redirected into a file |
Required | No |
Multi-Valued | No |
--decrypt
Description | Indicates that the tool should decrypt the data that it reads instead of encrypting it. If this argument is not provided, then the data will be encrypted |
-p
--prompt-for-passphrase
Description | Indicates that the tool should interactively prompt for a passphrase to use to generate the encryption key. This argument may be provided when either encrypting or decrypting data, but it must not be used when the data to process is to be read from standard input |
--passphrase-file {path}
Description | The path to a file containing the passphrase to use to generate the encryption key. The file must exist and must contain a single line that is comprised entirely of the passphrase |
Required | No |
Multi-Valued | No |
--encryption-settings-id {id}
Description | The identifier for the encryption settings definition that should be used to generate the encryption key. This argument should not be used in conjunction with the --decrypt argument because data encrypted with a key generated from an encryption settings definition will automatically include a header that includes this identifier |
Required | No |
Multi-Valued | No |
--use-topology-key
Description | Indicates that the tool should encrypt data using a key that is shared among all servers in the topology, but that is not available outside of the topology. This argument should not be used in conjunction with the --decrypt argument because data encrypted with a topology key will automatically include a header that contains the internal identifier for this key |
--compress-output
Description | Compress the output with the gzip compression algorithm. Compression will be applied to the data before it is encrypted |
--decompress-input
Description | Decompress the input with the gzip compression algorithm. Decompression will be applied to the data after it is decrypted |
--max-megabytes-per-second {MB}
Description | The maximum rate, in megabytes per second, at which data should be processed. If this argument is specified, then the value must be between 1 and 2047, inclusive, and that rate limit will be applied to the output stream after any encryption and compression processing has been performed. This can be helpful to avoid generating excessive disk I/O that might affect the performance of busy production systems |
Required | No |
Multi-Valued | No |
--interactive
Description | Launch the tool in interactive mode. |
--propertiesFilePath {path}
Description | The path to a properties file used to specify default values for arguments not supplied on the command line. |
Required | No |
Multi-Valued | No |
--generatePropertiesFile {path}
Description | Write an empty properties file that may be used to specify default values for arguments. |
Required | No |
Multi-Valued | No |
--noPropertiesFile
Description | Do not obtain any argument values from a properties file. |
--suppressPropertiesFileComment
Description | Suppress output listing the arguments obtained from a properties file. |
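The constraints in the argument descriptions above can be checked before the tool is run, for example in a backup script. The shell functions below are an added example, not part of the product or its documentation; the function names are hypothetical, and the permission check on the passphrase file is an assumption beyond what the page states.

```shell
#!/bin/sh
# Added example (not vendor code): preflight checks for an encrypt-file
# command line, based on the argument descriptions on this page.
# Function names are hypothetical.

# passphrase_file_ok PATH: the file must exist and hold exactly one
# non-empty line. Assumption beyond the page: also refuse a file that
# group or other users can read.
passphrase_file_ok() {
    [ -f "$1" ] || { echo "no such passphrase file: $1" >&2; return 1; }
    [ "$(grep -c '' "$1")" -eq 1 ] || { echo "need exactly one line" >&2; return 1; }
    IFS= read -r pp_line < "$1" || :   # read fails if no trailing newline
    [ -n "$pp_line" ] || { echo "passphrase line is empty" >&2; return 1; }
    pp_line=
    [ -z "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ] ||
        { echo "passphrase file is group/world readable" >&2; return 1; }
}

# encrypt_file_args_ok ARGS...: reject combinations the page rules out.
encrypt_file_args_ok() {
    ef_decrypt=0 ef_prompt=0 ef_infile=0 ef_hdrkey=0
    while [ $# -gt 0 ]; do
        case $1 in
            --decrypt) ef_decrypt=1 ;;
            -p|--prompt-for-passphrase) ef_prompt=1 ;;
            --use-topology-key) ef_hdrkey=1 ;;
            -i|--input-file|--encryption-settings-id|--max-megabytes-per-second)
                [ $# -ge 2 ] || { echo "$1 needs a value" >&2; return 1; }
                case $1 in
                    -i|--input-file) ef_infile=1 ;;
                    --encryption-settings-id) ef_hdrkey=1 ;;
                    *)  # rate limit: integer between 1 and 2047, inclusive
                        case $2 in ''|*[!0-9]*) echo "bad rate: $2" >&2; return 1 ;; esac
                        [ "$2" -ge 1 ] && [ "$2" -le 2047 ] ||
                            { echo "rate out of range: $2" >&2; return 1; } ;;
                esac
                shift ;;
        esac
        shift
    done
    # An interactive prompt cannot be combined with data read from standard input.
    [ "$ef_prompt" -eq 0 ] || [ "$ef_infile" -eq 1 ] ||
        { echo "--prompt-for-passphrase requires --input-file" >&2; return 1; }
    # Encrypted data carries the key identifier in its header, so key
    # selection arguments are not given together with --decrypt.
    [ "$ef_decrypt" -eq 0 ] || [ "$ef_hdrkey" -eq 0 ] ||
        { echo "omit key-selection arguments with --decrypt" >&2; return 1; }
}
```

Call both functions with the same arguments that will be passed to encrypt-file and run the tool only if they return 0.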