encrypt-file

Description

Encrypts or decrypts data using a key generated from a user-supplied passphrase, a key generated from an encryption settings definition, or a key shared among servers in the topology. The data to be processed can be read from a file or standard input, and the resulting data can be written to a file or standard output. This can be used to encrypt and subsequently decrypt arbitrary data, but it can also be used to decrypt encrypted backups, LDIF exports, and log files generated by the server.

Examples

Reads unencrypted data from standard input, encrypts it using a key generated from the server's preferred encryption settings definition, and writes the resulting encrypted data to standard output. In this usage, it is expected that the data to encrypt will be piped into the encrypt-file tool, and the resulting encrypted data will be either piped into another command or redirected into a file:
encrypt-file


Reads unencrypted data from file 'unencrypted.input', encrypts it using a key generated from an interactively provided passphrase, and writes the encrypted data to compressed file 'encrypted.output':
encrypt-file --input-file unencrypted.input --output-file encrypted.output \
     --compress-output --prompt-for-passphrase


Reads encrypted data from compressed file 'encrypted.input', decrypts it using a key generated from a passphrase read from file 'encryption-key-passphrase.txt', and writes the uncompressed and decrypted data to file 'decrypted.output':
encrypt-file --decrypt --input-file encrypted.input \
     --output-file decrypted.output --decompress-input \
     --passphrase-file encryption-key-passphrase.txt


Reads encrypted data from file 'encrypted.input', decrypts it using either a key generated from one of the server's encryption settings definitions or a private topology key (if the file was encrypted using either of those mechanisms), and writes the decrypted data to file 'decrypted.output':
encrypt-file --decrypt --input-file encrypted.input \
     --output-file decrypted.output
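
The --passphrase-file argument (see Arguments) requires a file holding a single line that is entirely the passphrase, which a stray second line or a CRLF line ending silently breaks. The following shell helpers are an added example, not part of the product documentation: they create and validate such a file before running the passphrase-file decrypt example shown above. The function names and the owner-only permission rule are assumptions of this example, not requirements stated for the tool.

```sh
#!/bin/sh
# Added example: helpers around the --passphrase-file usage shown above.
# Function names and the owner-only permission rule are assumptions.

# Write a passphrase read from stdin (so it never appears in argv or
# shell history) to $1 as exactly one line, readable by the owner only.
new_passphrase_file() {
    (
        umask 077
        IFS= read -r pw || [ -n "$pw" ] || exit 1
        printf '%s\n' "$pw" > "$1" && chmod 600 "$1"
    )
}

# Return 0 only if $1 is usable as a passphrase file: a regular file,
# not a symlink, no group/other permission bits, exactly one non-empty
# line, and no trailing carriage return (CRLF files from Windows editors).
check_passphrase_file() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "passphrase file: '$f' is missing or not a regular file" >&2
        return 1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(ls -ld -- "$f" | cut -c5-10)" != "------" ]; then
        echo "passphrase file: '$f' is accessible to group or others" >&2
        return 1
    fi
    if ! awk 'length($0) == 0 || /\r$/ { bad = 1 }
              END { exit !(NR == 1 && !bad) }' "$f"; then
        echo "passphrase file: '$f' must hold one non-empty line, no CR" >&2
        return 1
    fi
}

# Validate the passphrase file, then run the decrypt example from this
# page. $1 = encrypted input, $2 = decrypted output, $3 = passphrase file.
decrypt_with_passphrase_file() {
    check_passphrase_file "$3" || return 1
    encrypt-file --decrypt --input-file "$1" \
        --output-file "$2" --decompress-input \
        --passphrase-file "$3"
}
```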

Arguments

-V
--version

Description Display Directory Server version information

-H
--help

Description Display general usage information

--help-debug

Description Display help for using debug options
Advanced Yes

-i {path}
--input-file {path}

Description The path to the file containing the data to be encrypted or decrypted. The specified file must exist. If this argument is not provided, then the data will be read from standard input, and it is expected that the input will be piped in from another command
Required No
Multi-Valued No

-o {path}
--output-file {path}

Description The path to the file to which the encrypted or decrypted data should be written. If the file already exists, it will be overwritten. If the file does not exist, then its parent directory must exist. If this argument is not provided, then the data will be written to standard output, and it is expected that the output will be piped into another command or redirected into a file
Required No
Multi-Valued No

--decrypt

Description Indicates that the tool should decrypt the data that it reads instead of encrypting it. If this argument is not provided, then the data will be encrypted

-p
--prompt-for-passphrase

Description Indicates that the tool should interactively prompt for a passphrase to use to generate the encryption key. This argument may be provided when either encrypting or decrypting data, but it must not be used when the data to process is to be read from standard input

--passphrase-file {path}

Description The path to a file containing the passphrase to use to generate the encryption key. The file must exist and must contain a single line that consists entirely of the passphrase
Required No
Multi-Valued No

--encryption-settings-id {id}

Description The identifier for the encryption settings definition that should be used to generate the encryption key. This argument should not be used in conjunction with the --decrypt argument because data encrypted with a key generated from an encryption settings definition will automatically include a header that includes this identifier
Required No
Multi-Valued No

--use-topology-key

Description Indicates that the tool should encrypt data using a key that is shared among all servers in the topology, but that is not available outside of the topology. This argument should not be used in conjunction with the --decrypt argument because data encrypted with a topology key will automatically include a header that contains the internal identifier for this key

--compress-output

Description Compress the output with the gzip compression algorithm. Compression will be applied to the data before it is encrypted

--decompress-input

Description Decompress the input with the gzip compression algorithm. Decompression will be applied to the data after it is decrypted

--max-megabytes-per-second {MB}

Description The maximum rate, in megabytes per second, at which data should be processed. If this argument is specified, then the value must be between 1 and 2047, inclusive, and that rate limit will be applied to the output stream after any encryption and compression processing has been performed. This can be helpful to avoid generating excessive disk I/O that might affect the performance of busy production systems
Required No
Multi-Valued No

--interactive

Description Launch the tool in interactive mode.

--propertiesFilePath {path}

Description The path to a properties file used to specify default values for arguments not supplied on the command line.
Required No
Multi-Valued No

--generatePropertiesFile {path}

Description Write an empty properties file that may be used to specify default values for arguments.
Required No
Multi-Valued No

--noPropertiesFile

Description Do not obtain any argument values from a properties file.

--suppressPropertiesFileComment

Description Suppress output listing the arguments obtained from a properties file.