PingDirectory

Creating encryption-settings definitions

The create subcommand provides a mechanism for creating a new encryption-settings definition.

About this task

To create an encryption-settings definition:

Steps

  • To specify the definition, use the encryption-settings tool with the create subcommand.

    This subcommand takes the following arguments.

    Arguments accepted by the create subcommand:

    --cipher-algorithm <algorithm> (required)

    Specifies the base cipher algorithm to use. The <algorithm> value must be the name of the algorithm, such as AES, DES, DESede, Blowfish, or RC4.

    --cipher-transformation <transformation> (optional)

    Specifies the full cipher transformation to use, including the cipher mode and padding algorithm, such as AES/CBC/PKCS5Padding.

    If you do not provide this argument, the JVM-default transformation is used for the specified cipher algorithm.

    --key-length-bits <length> (required)

    Specifies the length of the encryption key in bits, such as 128.

    --set-preferred

    Makes the new encryption-settings definition the preferred definition, which the server uses for subsequent encryption operations.

    By default, the first definition you create in the encryption-settings database is the preferred definition.

    Example:

    $ bin/encryption-settings create --cipher-algorithm AES \
      --key-length-bits 128 --set-preferred

    Result:

    Successfully created a new encryption settings definition with ID
    F635E109A8549651025D01D9A6A90F7C9017C66D
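
The following pre-flight check is an added example, not part of the PingDirectory documentation. It builds the create command from the arguments described above and refuses inputs outside an assumed local policy (AES only, 128/192/256-bit keys, an explicit non-ECB transformation); the function name build_create_cmd and the policy itself are hypothetical.

```shell
# Added example: policy check before running "encryption-settings create".
# The policy below is an assumption for illustration, not a product requirement.

# build_create_cmd ALGORITHM KEY_BITS [TRANSFORMATION] [preferred]
# Prints the command line on success; prints a reason to stderr and returns 1 otherwise.
build_create_cmd() {
  local algorithm="$1" bits="$2" transformation="${3:-}" preferred="${4:-}"

  # Accept AES only; the other names listed in the argument description are legacy ciphers.
  case "$algorithm" in
    AES) ;;
    DES|DESede|Blowfish|RC4)
      echo "rejected: $algorithm is a legacy cipher" >&2; return 1 ;;
    *)
      echo "rejected: unknown algorithm '$algorithm'" >&2; return 1 ;;
  esac

  # AES defines exactly three key sizes.
  case "$bits" in
    128|192|256) ;;
    *) echo "rejected: AES key length must be 128, 192 or 256" >&2; return 1 ;;
  esac

  # Require an explicit transformation so mode and padding do not depend
  # on the JVM default, and refuse ECB mode.
  if [ -z "$transformation" ]; then
    echo "rejected: pass --cipher-transformation explicitly" >&2; return 1
  fi
  case "$transformation" in
    "$algorithm"/ECB/*) echo "rejected: ECB mode" >&2; return 1 ;;
    "$algorithm"/*/*) ;;
    *) echo "rejected: expected $algorithm/<mode>/<padding>" >&2; return 1 ;;
  esac

  local cmd="bin/encryption-settings create --cipher-algorithm $algorithm"
  cmd="$cmd --cipher-transformation $transformation --key-length-bits $bits"
  if [ "$preferred" = "preferred" ]; then
    cmd="$cmd --set-preferred"
  fi
  echo "$cmd"
}

# Dry run: print the command for review instead of executing it.
build_create_cmd AES 256 AES/CBC/PKCS5Padding preferred
```

Run the printed command from the server root only after reviewing it; the function never invokes the tool itself.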