Terminal control languageTCL commandsEencrypt-file command

encrypt-file command

The encrypt-file command encrypts data in a specified file.

Note:

  • To use this command, the OpenSSL libraries must be installed on your system (for Linux, the 32 bit OpenSSL libraries are required). If this command is run on a system without OpenSSL, the current process will stop, return to TCL, and the message Encryption libraries are not loaded will be displayed.

  • For Windows Only: The OpenSSL libraries must be present when restoring a save that contains encrypted data. Otherwise the restore process will terminate.

  • For Windows Only: Storing and encrypting files in the FSI:DM is not recommended and may produce unpredictable results.

Syntax

encrypt-file filename{,data-file}

Parameter(s)

filename Name of the file on which to apply encryption. The specified file must already exist. To enable encryption, you must be logged into the account in which the specified file exists.
Note: Item-ids and index keys are not encrypted. Additionally, only the data level of the file system can be encrypted. You cannot encrypt the MD or DICT of a file.
data-file (Optional) Specifies which data-file in the file to encrypt.  If not specified, the default data-file is encrypted.

Description

Encryption does not affect any existing file translates, indexes, bridges, triggers, and so on. These features will continue to function as expected. However, it should be noted that read and write operations on encrypted files are significantly slower than read and write operations on unencrypted files.

The sizes of encrypted items are approximately 1%  (plus six characters) larger than unencrypted items. Be aware that LIST commands display decrypted item sizes whereas ISTAT and similar commands display encrypted item sizes

Note: Once a file has been encrypted, data in the file remains encrypted on any subsequent file-saves, account-saves, incremental-saves and transaction-logging tapes. The only exceptions are:

  • FSI file data is not saved encrypted on file-saves, account-saves, incremental-saves and transaction-logging tapes.

  • performing  a t-dump on the file saves the data in its original plain-text format (unencrypted).

As with all files, file access is determined using file update and retrieval locks (set using the file-access-setup command in the dm account). If you have the appropriate user key for a file, items in that file are automatically decrypted for read operations and encrypted for write operations.

Example(s)

The example below encrypts the accounting file.

encrypt-file accounting
File successfully encrypted.

The example below encrypts only the purchases data-file of the accounting file.

encrypt-file accounting,purchases
File successfully encrypted.

See also

decrypt-file command

Parent topic: E