The encrypt-file command encrypts data in a specified file.
If this command is run on a system without OpenSSL, the current process will stop and return to TCL. Additionally, you will see the Encryption libraries are not loaded message.
encrypt-file filename{,data-file}{(options}
filename | The name of the file on which to apply
encryption. The specified file must already exist. To enable encryption, you must be logged into the account in which the specified file exists. Note: Item-ids and index keys are not encrypted. Additionally, only the data level
of the file system can be encrypted. You cannot encrypt the MD or DICT of a
file.
|
|
data-file |
(Optional) Specifies which data-file in the file to encrypt. If not specified, the default data-file is encrypted. |
|
options | 2 | Uses AES-256 encryption instead of the default AES-128. |
Encryption does not affect any existing file translates, indexes, bridges, triggers, and so on. These features will continue to function as expected. However, note that read and write operations on encrypted files are significantly slower than read and write operations on unencrypted files.
The sizes of encrypted items are approximately 1% (plus six characters) larger than unencrypted items. Be aware that LIST commands display decrypted item sizes whereas ISTAT and similar commands display encrypted item sizes
As with all files, file access is determined using file update and retrieval locks (set using the file-access-setup command in the dm account). If you have the appropriate user key for a file, items in that file are automatically decrypted for read operations and encrypted for write operations.
If the encrypt processing code is on the file-defining item, then only the specified attributes will be encrypted.
For FSI files, the encrypt-file program also does an fsck (file check) to check the integrity of the file structure before the data is encrypted and scrubs all free space in the file after it is encrypted to ensure that residual, unencrypted data is not left in the unused space.
Example 1
This example encrypts the locations file.
The dictionary-code field has the entry of DE1, which indicates that the file is encrypted.
:encrypt-file locations File successfully encrypted. :ud locations DICT locations 'locations' size = 59 dictionary-code DE1 base 18652 modulo 1 structure retrieval-lock update-lock output-conversion correlative attribute-type L column-width 10 input-conversion macro output-macro description reallocation segment-base segment-mod hotkey.all hotkey1 hotkey2 hotkey3 hotkey4 hotkey5 hotkey6 hotkey7 hotkey8 hotkey9 hotkey0 DICT locations 'locations' size = 59 exited. :dump 18652 fid: 18652 : 0 0 0 0 ( 48DC : 0 0 0 0 ) 000 :....k...WHSE1^<enc1>...RZ..z..\c.-A......X..1...m.: 050 :.N.2[.=....8e.Y)..r.%.9z.p%O..l. .1.......a...}C..: 100 :`..I.^__....o...WHSE2^<enc1>.C..........^....m....: 150 :.S.I.t.....=.+..,...G.y..k.........3...Cgbq^y..3.h: 200 :..%.[.Y..V6m..|c.^__....k...WHSE3^<enc1>..=......j: 250 :7j....n...n4. 4[_.\..^...=..z1T....k&.Z...{.......: 300 :.p<....J.^.`....G|w.7]...K^__^3737961123^__......G: 350 :r7..]C...tu.^_____________________________________: 400 :__________________________________________________: 450 :__________________________________________________:
Example 2
This example encrypts the accounting file.
:encrypt-file accounting File successfully encrypted.
Example 3
This example encrypts only the purchases data-file of the accounting file.
:encrypt-file accounting,purchases File successfully encrypted.