encrypt-file command

The encrypt-file command encrypts data in a specified file.

To use this command, the OpenSSL libraries must be installed on your system.
  • For UNIX Implementations: The OpenSSL libraries are required.

    If this command is run on a system without OpenSSL, the current process will stop and return to TCL. Additionally, you will see the Encryption libraries are not loaded message.

  • For Windows Only:
    • The OpenSSL libraries must be present when restoring a save that contains encrypted data. Otherwise, the restore process will terminate.
    • Storing and encrypting files in the FSI:DM is not recommended and might produce unpredictable results.


 encrypt-file filename{,data-file}{(options}


filename The name of the file on which to apply encryption.

The specified file must already exist. To enable encryption, you must be logged into the account in which the specified file exists.

Note: Item-ids and index keys are not encrypted. Additionally, only the data level of the file system can be encrypted. You cannot encrypt the MD or DICT of a file.
data-file (Optional) Specifies which data-file in the file to encrypt.

If not specified, the default data-file is encrypted.

options 2 Uses AES-256 encryption instead of the default AES-128.


Encryption does not affect any existing file translates, indexes, bridges, triggers, and so on. These features will continue to function as expected. However, note that read and write operations on encrypted files are significantly slower than read and write operations on unencrypted files.

The sizes of encrypted items are approximately 1%  (plus six characters) larger than unencrypted items. Be aware that LIST commands display decrypted item sizes whereas ISTAT and similar commands display encrypted item sizes

After a file has been encrypted, data in the file remains encrypted on any subsequent file-saves, account-saves, incremental-saves, and transaction-logging tapes. The only exceptions are:
  • FSI file data is not saved encrypted on file-saves, account-saves, incremental-saves, or transaction-logging tapes.
  • Data is saved in its original plain-text format (unencrypted) when a t-dump command is used on the file.
  • Index keys are stored in clear text for indexes created on an encrypted file.

As with all files, file access is determined using file update and retrieval locks (set using the file-access-setup command in the dm account). If you have the appropriate user key for a file, items in that file are automatically decrypted for read operations and encrypted for write operations.

If the encrypt processing code is on the file-defining item, then only the specified attributes will be encrypted.

FSI files

For FSI files, the encrypt-file program also does an fsck (file check) to check the integrity of the file structure before the data is encrypted and scrubs all free space in the file after it is encrypted to ensure that residual, unencrypted data is not left in the unused space.


Example 1

This example encrypts the locations file.

The dictionary-code field has the entry of DE1, which indicates that the file is encrypted.

 :encrypt-file locations 
 File successfully encrypted.
 :ud locations
 DICT locations  'locations' size = 59
 dictionary-code    DE1
 base               18652 
 modulo             1
 attribute-type     L
 column-width       10
 segment-base segment-mod
 DICT locations  'locations' size = 59 exited.
 :dump 18652
   fid:   18652 :   0      0      0   0  (   48DC :  0       0       0  0 )
 000 :....k...WHSE1^<enc1>...RZ..z..\c.-A......X..1...m.:
 050 :.N.2[.=....8e.Y)..r.%.9z.p%O..l. .1.......a...}C..:
 100 :`..I.^__....o...WHSE2^<enc1>.C..........^....m....:
 150 :.S.I.t.....=.+..,...G.y..k.........3...Cgbq^y..3.h:
 200 :..%.[.Y..V6m..|c.^__....k...WHSE3^<enc1>..=......j:
 250 :7j....n...n4. 4[_.\..^...=..z1T....k&.Z...{.......:
 300 :.p<....J.^.`....G|w.7]...K^__^3737961123^__......G:
 350 :r7..]C...tu.^_____________________________________:
 400 :__________________________________________________:
 450 :__________________________________________________:

Example 2

This example encrypts the accounting file.

 :encrypt-file accounting
 File successfully encrypted.

Example 3

This example encrypts only the purchases data-file of the accounting file.

 :encrypt-file accounting,purchases
 File successfully encrypted.