encrypt-file command

The encrypt-file command encrypts data in a specified file.

To use this command, the OpenSSL libraries must be installed on your system.
  • For UNIX Implementations: The OpenSSL libraries are required.

    If this command is run on a system without OpenSSL, the current process stops and returns to TCL, and the message "Encryption libraries are not loaded" is displayed.

  • For Windows Only:
    • The OpenSSL libraries must be present when restoring a save that contains encrypted data. Otherwise, the restore process will terminate.
    • Storing and encrypting files in the FSI:DM is not recommended and might produce unpredictable results.

Syntax

 encrypt-file filename{,data-file}{(options}

Parameter(s)

filename The name of the file on which to apply encryption.

The specified file must already exist. To enable encryption, you must be logged into the account in which the specified file exists.

Note: Item-ids and index keys are not encrypted. Additionally, only the data level of the file system can be encrypted. You cannot encrypt the MD or DICT of a file.

data-file (Optional) Specifies which data-file in the file to encrypt.

If not specified, the default data-file is encrypted.

options 2: Uses AES-256 encryption instead of the default AES-128.

Description

Encryption does not affect any existing file translates, indexes, bridges, triggers, and so on. These features will continue to function as expected. However, note that read and write operations on encrypted files are significantly slower than read and write operations on unencrypted files.

Encrypted items are approximately 1% (plus six characters) larger than unencrypted items. Be aware that LIST commands display decrypted item sizes, whereas ISTAT and similar commands display encrypted item sizes.

Note: After a file has been encrypted, data in the file remains encrypted on any subsequent file-saves, account-saves, incremental-saves, and transaction-logging tapes. The only exceptions are:
  • FSI file data is not saved encrypted on file-saves, account-saves, incremental-saves, or transaction-logging tapes.
  • Data is saved in its original plain-text format (unencrypted) when a t-dump command is used on the file.
  • Index keys are stored in clear text for indexes created on an encrypted file.

As with all files, file access is determined using file update and retrieval locks (set using the file-access-setup command in the dm account). If you have the appropriate user key for a file, items in that file are automatically decrypted for read operations and encrypted for write operations.

If the encrypt processing code is on the file-defining item, then only the specified attributes will be encrypted.

FSI files

For FSI files, the encrypt-file program also runs an fsck (file check) to verify the integrity of the file structure before the data is encrypted. After encryption, it scrubs all free space in the file so that no residual, unencrypted data is left in the unused space.

Example(s)

Example 1

This example encrypts the locations file.

After encryption, the dictionary-code field shows DE1, which indicates that the file is encrypted.

 :encrypt-file locations 
 File successfully encrypted.
 :ud locations
 
 DICT locations  'locations' size = 59
 dictionary-code    DE1
 base               18652 
 modulo             1
 structure
 retrieval-lock
 update-lock
 output-conversion
  correlative
 attribute-type     L
 column-width       10
 input-conversion
 macro
 output-macro
 description
 reallocation
 segment-base segment-mod
 
 hotkey.all
 hotkey1
 hotkey2
 hotkey3
 hotkey4
 hotkey5
 hotkey6
 hotkey7
 hotkey8
 hotkey9
 hotkey0
 DICT locations  'locations' size = 59 exited.
 :dump 18652
 
   fid:   18652 :   0      0      0   0  (   48DC :  0       0       0  0 )
 000 :....k...WHSE1^<enc1>...RZ..z..\c.-A......X..1...m.:
 050 :.N.2[.=....8e.Y)..r.%.9z.p%O..l. .1.......a...}C..:
 100 :`..I.^__....o...WHSE2^<enc1>.C..........^....m....:
 150 :.S.I.t.....=.+..,...G.y..k.........3...Cgbq^y..3.h:
 200 :..%.[.Y..V6m..|c.^__....k...WHSE3^<enc1>..=......j:
 250 :7j....n...n4. 4[_.\..^...=..z1T....k&.Z...{.......:
 300 :.p<....J.^.`....G|w.7]...K^__^3737961123^__......G:
 350 :r7..]C...tu.^_____________________________________:
 400 :__________________________________________________:
 450 :__________________________________________________:

Example 2

This example encrypts the accounting file.

 :encrypt-file accounting
 File successfully encrypted.

Example 3

This example encrypts only the purchases data-file of the accounting file.

 :encrypt-file accounting,purchases
 File successfully encrypted.
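
An added example (not from the original page or the vendor) that audits captured terminal output in the layout of Example 1: it reports files whose dictionary-code is not DE1 and lists the item-ids readable in a frame dump, which the note on item-ids says are not encrypted. The second file, its dictionary-code of D, the function names, and the reading of `<enc1>` as the tag that precedes each encrypted item body are assumptions.

```python
import re

# Constructed capture in the layout of Example 1: an abridged `ud` screen for
# two files, then abridged `dump` lines. The vendors file and its
# dictionary-code of D (assumed to mean "not encrypted") are made up.
CAPTURE = r"""
 DICT locations  'locations' size = 59
 dictionary-code    DE1
 DICT locations  'locations' size = 59 exited.
 DICT vendors  'vendors' size = 57
 dictionary-code    D
 DICT vendors  'vendors' size = 57 exited.
 000 :....k...WHSE1^<enc1>...RZ..z..\c.-A....WHSE2^<en:
 050 :c1>.C......^__....k...WHSE3^<enc1>..=......j.....:
"""

ENCRYPTED_CODES = {"DE1"}  # the only value this page documents
HEADER = re.compile(r"^\s*DICT\s+(\S+)\s+'[^']*'\s+size = \d+\s*$")
CODE = re.compile(r"^\s*dictionary-code\s+(\S+)\s*$")
DUMP = re.compile(r"^\s*\d{3} :(.*):\s*$")
# Assumption: the <enc1> tag directly follows the item-id and attribute mark.
ID_BEFORE_MARKER = re.compile(r"([A-Za-z0-9_-]+)\^<enc1>")

def dictionary_codes(capture):
    """Map each file named in a `ud` header to its dictionary-code."""
    codes, current = {}, None
    for line in capture.splitlines():
        if m := HEADER.match(line):  # the "... exited." trailer does not match
            current = m.group(1)
        elif (m := CODE.match(line)) and current:
            codes[current] = m.group(1)
    return codes

def unencrypted_files(capture):
    """Files whose dictionary-code is not a documented encrypted value."""
    return sorted(f for f, c in dictionary_codes(capture).items()
                  if c not in ENCRYPTED_CODES)

def cleartext_item_ids(capture):
    """Item-ids readable in the frame dump, directly before an <enc1> tag."""
    # Join the payloads first: an id or tag can straddle two dump lines.
    payload = "".join(m.group(1) for line in capture.splitlines()
                      if (m := DUMP.match(line)))
    return ID_BEFORE_MARKER.findall(payload)

if __name__ == "__main__":
    print("not encrypted:", unencrypted_files(CAPTURE))
    print("ids visible in dump:", cleartext_item_ids(CAPTURE))
```

Because item-ids stay readable on disk, the second check is a quick way to confirm that no sensitive value is being used as an item-id in an encrypted file.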