PingDirectory

Using the encryption-settings tool

The encryption-settings tool provides a mechanism for interacting with the server’s encryption settings database.

About this task

Use the encryption-settings tool to:

  • List the available encryption settings definitions.

  • Create new encryption settings definitions.

  • Delete existing encryption settings definitions.

  • Indicate which encryption settings definition is the preferred definition.

  • Export encryption settings definitions to a file for backup purposes and to allow them to be imported for use in other PingDirectory server instances.

  • Enable and disable data encryption restrictions for the server and list active restrictions.

  • Freeze or unfreeze the encryption settings database.

  • Supply the passphrase for the Wait for Passphrase cipher stream provider to unlock the encryption settings database.

Steps

  • To display the set of available encryption settings definitions, use the encryption-settings tool with the list subcommand.

    This subcommand does not take any arguments.

    Example:

    $ bin/encryption-settings list

    Result:

    For each definition, the result includes:

    • The unique identifier for the definition

    • Whether the definition is the preferred definition

    • The cipher transformation and key length that are used for encryption

      Encryption Settings Definition ID: 4D86C7922F71BB57B8B5695D2993059A26B8FC01
      Preferred for New Encryption: false
      Cipher Transformation: DESede
      Key Length (bits): 192
      
      Encryption Settings Definition ID: F635E109A8549651025D01D9A6A90F7C9017C66D
      Preferred for New Encryption: true
      Cipher Transformation: AES
      Key Length (bits): 128
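
The listing format above is regular enough to audit with a script. The following is an added example, not part of the PingDirectory documentation or tooling: it parses `list` output into one record per definition, reports the preferred definition, and flags definitions that use a DES-family cipher or a key shorter than 128 bits. The function names, the embedded sample (copied from the output above), and the review policy are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample input: the listing shown above.
sample_listing() {
cat <<'EOF'
Encryption Settings Definition ID: 4D86C7922F71BB57B8B5695D2993059A26B8FC01
Preferred for New Encryption: false
Cipher Transformation: DESede
Key Length (bits): 192

Encryption Settings Definition ID: F635E109A8549651025D01D9A6A90F7C9017C66D
Preferred for New Encryption: true
Cipher Transformation: AES
Key Length (bits): 128
EOF
}

# Print one line per definition: "<id> <preferred> <cipher> <bits>".
parse_definitions() {
  awk -F': *' '
    function emit() { if (id != "") print id, pref, cipher, bits; id = "" }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # tolerate indentation and CRLF
    /^Encryption Settings Definition ID:/ { emit(); id = $2; pref = cipher = bits = "?" }
    /^Preferred for New Encryption:/      { pref = $2 }
    /^Cipher Transformation:/             { cipher = $2 }
    /^Key Length \(bits\):/               { bits = $2 }
    END { emit() }'
}

# Flag definitions to review. Policy is an assumption of this example:
# DES-family ciphers or keys under 128 bits are LEGACY; one preferred definition is expected.
audit_definitions() {
  parse_definitions | awk '
    $2 == "true" { npref++; pid = $1; pc = $3; pb = $4 }
    $3 == "DES" || $3 == "DESede" || $3 ~ /^DES(ede)?\// || ($4 ~ /^[0-9]+$/ && $4 + 0 < 128) {
      printf "LEGACY %s cipher=%s bits=%s preferred=%s\n", $1, $3, $4, $2
    }
    END {
      if (npref == 1) printf "PREFERRED %s cipher=%s bits=%s\n", pid, pc, pb
      else printf "WARN expected one preferred definition, found %d\n", npref
    }'
}

# On a server, pipe `bin/encryption-settings list` into audit_definitions instead.
sample_listing | audit_definitions
```

A LEGACY definition that is not preferred is still needed to decrypt data written under it, so the flag marks it for review rather than for deletion.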