Using the encryption-settings tool
The encryption-settings
tool provides a mechanism for interacting with the server’s encryption settings database.
About this task
Use the encryption-settings
tool to:
-
List the available encryption settings definitions.
-
Create new encryption settings definitions.
-
Delete existing encryption settings definitions.
-
Indicate which encryption settings definition is the preferred definition.
-
Export encryption settings definitions to a file for backup purposes and to allow them to be imported for use in other PingDirectory server instances.
-
Enable and disable data encryption restrictions for the server and list active restrictions.
-
Freeze or unfreeze the encryption settings database.
-
Supply the passphrase for the Wait for Passphrase cipher stream provider to unlock the encryption settings database.
Steps
-
To display the set of available encryption settings definitions, use the
encryption-settings
tool with thelist
subcommand.This subcommand does not take any arguments.
Example:
$ bin/encryption-settings list
Result:
For each definition, the result includes:
-
The unique identifier for the definition
-
Whether the definition is the preferred definition
-
The cipher transformation and key length that are used for encryption
Encryption Settings Definition ID: 4D86C7922F71BB57B8B5695D2993059A26B8FC01 Preferred for New Encryption: false Cipher Transformation: DESede Key Length (bits): 192 Encryption Settings Definition ID: F635E109A8549651025D01D9A6A90F7C9017C66D Preferred for New Encryption: true Cipher Transformation: AES Key Length (bits): 128
-