The encryption-settings tool provides a mechanism for interacting with the server's encryption-settings database. It may be used to list the available definitions, create new definitions, delete existing definitions, and indicate which definition should be the preferred definition. It may also be used to export definitions to a file for backup purposes and to allow them to be imported for use in other Directory Server instances.

To list the available encryption definitions:

  • Use the encryption-settings tool with the list subcommand to display the set of available encryption settings definitions. This subcommand does not take any arguments. For each definition, it will include the unique identifier for the definition, as well as the cipher transformation and key length that will be used for encryption and whether it is the preferred definition.
    $ bin/encryption-settings list
    Encryption Settings Definition ID: 4D86C7922F71BB57B8B5695D2993059A26B8FC01
    Preferred for New Encryption: false 
    Cipher Transformation: DESede 
    Key Length (bits): 192
    
    Encryption Settings Definition ID: F635E109A8549651025D01D9A6A90F7C9017C66D 
    Preferred for New Encryption: true 
    Cipher Transformation: AES 
    Key Length (bits): 128
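
An added example, not part of the product documentation: a Python script that parses the `list` output shown above, flags definitions that use a legacy cipher or a short key, and checks that exactly one definition is preferred. The policy values (`LEGACY_ALGORITHMS`, `MIN_KEY_BITS`) and the function names are assumptions of this example.

```python
import re

# Policy values are assumptions of this example, not product defaults.
LEGACY_ALGORITHMS = {"DES", "DESEDE", "RC2", "RC4"}
MIN_KEY_BITS = 128
FIELDS = {"Encryption Settings Definition ID": "id", "Preferred for New Encryption": "preferred",
          "Cipher Transformation": "transformation", "Key Length (bits)": "key_bits"}
# The listing shown on this page, used as sample input.
SAMPLE = """\
Encryption Settings Definition ID: 4D86C7922F71BB57B8B5695D2993059A26B8FC01
Preferred for New Encryption: false
Cipher Transformation: DESede
Key Length (bits): 192

Encryption Settings Definition ID: F635E109A8549651025D01D9A6A90F7C9017C66D
Preferred for New Encryption: true
Cipher Transformation: AES
Key Length (bits): 128
"""

def parse_definitions(text):
    """Split the listing on blank lines and map each labelled line to a field."""
    definitions = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            label, _, value = line.partition(":")
            if label.strip() in FIELDS:
                entry[FIELDS[label.strip()]] = value.strip()
        if "id" in entry:
            entry["preferred"] = entry.get("preferred", "").lower() == "true"
            entry["key_bits"] = int(entry.get("key_bits", "0"))
            definitions.append(entry)
    return definitions

def audit(definitions):
    """Return (definition ID, finding) pairs; an empty list means the policy is met."""
    preferred = [d for d in definitions if d["preferred"]]
    findings = [] if len(preferred) == 1 else [("*", f"expected 1 preferred definition, found {len(preferred)}")]
    for d in definitions:
        # A transformation may carry mode and padding (AES/CBC/PKCS5Padding); test the algorithm.
        algorithm = d.get("transformation", "").split("/")[0]
        if algorithm.upper() in LEGACY_ALGORITHMS:
            findings.append((d["id"], f"legacy cipher {algorithm}, preferred={d['preferred']}"))
        if d["key_bits"] < MIN_KEY_BITS:
            findings.append((d["id"], f"key length {d['key_bits']} below {MIN_KEY_BITS}, preferred={d['preferred']}"))
    return findings

if __name__ == "__main__":
    print(*audit(parse_definitions(SAMPLE)), sep="\n")
```

To audit a live instance, pass the captured output of `bin/encryption-settings list` to `parse_definitions` in place of `SAMPLE`.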