Creating encryption-settings definitions
The create
subcommand provides a mechanism for creating a new encryption-settings definition.
About this task
To create an encryption-settings definition:
Steps
-
To specify the definition, use the
encryption-settings
tool with thecreate
subcommand.This subcommand takes the following arguments.
The create
subcommand accepted argumentsArgument Description --cipher-algorithm <algorithm>
(required)Specifies the base cipher algorithm to use. Make sure the
<algorithm>
input is the name of the algorithm, such as AES, DES, DESede, Blowfish, RC4.--cipher-transformation <transformation>
(optional)Specifies the full cipher transformation to use including the cipher mode and padding algorithms, such as AES/CBC/ PKCS5Padding.
If you do not provide this argument, the JVM-default transformation is used for the specified cipher algorithm.
--key-length-bits <length>
(required)Specifies the length of the encryption key in bits, such as 128.
--set-preferred
Indicates that the new encryption-settings definition is made the preferred definition and used for subsequent encryption operations in the server.
By default, the first definition you create in the encryption-settings database is the preferred definition.
Example:
$ bin/encryption-settings create --cipher-algorithm AES \ --key-length-bits 128 --set-preferred
Result:
Successfully created a new encryption settings definition with ID F635E109A8549651025D01D9A6A90F7C9017C66D