Use the encryption-settings tool to:

  • List the available encryption settings definitions.
  • Create new encryption settings definitions.
  • Delete existing encryption settings definitions.
  • Indicate which encryption settings definition is the preferred definition.
  • Export encryption settings definitions to a file for backup purposes and to allow them to be imported for use in other PingDirectory server instances.
  • Enable and disable data encryption restrictions for the server and list active restrictions.
  • Freeze or unfreeze the encryption settings database.
  • Supply the passphrase for the Wait for Passphrase cipher stream provider to unlock the encryption settings database.
  • To display the set of available encryption settings definitions, use the encryption-settings tool with the list subcommand.

    This subcommand does not take any arguments.

    $ bin/encryption-settings list

    For each definition, the result includes:

    • The unique identifier for the definition
    • Whether the definition is the preferred definition
    • The cipher transformation and key length that are used for encryption
    Encryption Settings Definition ID: 4D86C7922F71BB57B8B5695D2993059A26B8FC01
    Preferred for New Encryption: false 
    Cipher Transformation: DESede 
    Key Length (bits): 192
    Encryption Settings Definition ID: F635E109A8549651025D01D9A6A90F7C9017C66D 
    Preferred for New Encryption: true 
    Cipher Transformation: AES 
    Key Length (bits): 128