.TH "BCFG2-CRYPT" "8" "March 18, 2013" "1.3" "Bcfg2"
.SH NAME
bcfg2-crypt \- Bcfg2 encryption and decryption utility
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.\" Man page generated from reStructuredText.
.
.SH SYNOPSIS
.sp
\fBbcfg2\-crypt\fP [\-C \fIconfigfile\fP] [\-\-decrypt|\-\-encrypt]
[\-\-cfg|\-\-properties] [\-\-stdout] [\-\-remove] [\-\-xpath \fIxpath\fP]
[\-p \fIpassphrase\-or\-name\fP] [\-v] [\-I] \fIfilename\fP
[\fIfilename\fP...]
.SH DESCRIPTION
.sp
\fBbcfg2\-crypt\fP performs encryption and decryption of Cfg and
Properties files. It\(aqs often sufficient to run \fBbcfg2\-crypt\fP with
only the name of the file you wish to encrypt or decrypt; it can usually
figure out what to do.
.SH OPTIONS
.INDENT 0.0
.TP
.BI \-C \ configfile
Specify alternate bcfg2.conf location.
.TP
.B \-\-decrypt, \-\-encrypt
Select encryption or decryption mode for the given file(s). This is
usually unnecessary, as \fBbcfg2\-crypt\fP can often determine which is
necessary based on the contents of each file.
.TP
.B \-\-cfg
An XML file should be encrypted in its entirety rather than
element\-by\-element. This is only necessary if the file is an XML file
whose name ends with \fI.xml\fP and whose top\-level tag is
\fIProperties\fP. See [MODES] below for details.
.TP
.B \-\-properties
Process a file as an XML Properties file, and encrypt the text of each
element separately.
This is necessary if, for example, you\(aqve used a different top\-level
tag than \fIProperties\fP in your Properties files. See [MODES] below for
details.
.TP
.B \-\-stdout
Print the resulting file to stdout instead of writing it to a file.
.TP
.B \-\-remove
Remove the plaintext file after it has been encrypted. Only meaningful
for Cfg files.
.TP
.BI \-\-xpath \ xpath
Encrypt the character content of all elements that match the specified
XPath expression. The default is \fI*[@encrypted]\fP or \fI*\fP; see
[MODES] below for more details. Only meaningful for Properties files.
.TP
.BI \-p \ passphrase
Specify the name of a passphrase defined in the \fI[encryption]\fP
section of \fIbcfg2.conf\fP. See [SELECTING PASSPHRASE] below for more
details.
.TP
.B \-v
Be verbose.
.TP
.B \-I
When encrypting a Properties file, interactively select the elements
whose data should be encrypted.
.TP
.B \-h
Print usage information.
.UNINDENT
.SH MODES
.sp
\fBbcfg2\-crypt\fP can encrypt Cfg files or Properties files; they are
handled very differently.
.INDENT 0.0
.TP
.B Cfg
When \fBbcfg2\-crypt\fP is used on a Cfg file, the entire file is
encrypted. This is the default behavior on files that are not XML, or
that are XML but whose top\-level tag is not \fIProperties\fP. This can
be enforced by use of the \fI\-\-cfg\fP option.
.TP
.B Properties
When \fBbcfg2\-crypt\fP is used on a Properties file, it encrypts the
character content of elements matching the XPath expression given by
\fI\-\-xpath\fP. By default the expression is \fI*[@encrypted]\fP, which
matches all elements with an \fIencrypted\fP attribute. If you are
encrypting a file and that expression doesn\(aqt match any elements, then
the default is \fI*\fP, which matches everything. When
\fBbcfg2\-crypt\fP encrypts the character content of an element, it also
adds the \fIencrypted\fP attribute, set to the name of the passphrase
used to encrypt that element.
When it decrypts an element it does not remove \fIencrypted\fP, though;
this lets you easily and efficiently run \fBbcfg2\-crypt\fP against a
single Properties file to encrypt and decrypt it without needing to
specify a long list of options. See the online Bcfg2 docs on Properties
files for more information on how this works.
.UNINDENT
.SH SELECTING PASSPHRASE
.sp
The passphrase used to encrypt or decrypt a file is discovered in the
following order.
.INDENT 0.0
.IP 1. 3
The passphrase given on the command line using \fI\-p\fP is used.
.IP 2. 3
If exactly one passphrase is specified in \fIbcfg2.conf\fP, it will be
used.
.IP 3. 3
If operating in Properties mode, \fBbcfg2\-crypt\fP will attempt to read
the name of the passphrase from the encrypted elements.
.IP 4. 3
If decrypting, all passphrases will be tried sequentially.
.IP 5. 3
If no passphrase has been determined at this point, an error is produced
and the file being encrypted or decrypted is skipped.
.UNINDENT
.SH SEE ALSO
.sp
\fIbcfg2\-server(8)\fP
.\" Generated by docutils manpage writer.
.
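.SH EXAMPLE
.sp
The following Python code is an added example, not code from Bcfg2: it
models the default Properties\-mode element selection described under
MODES and the lookup order under SELECTING PASSPHRASE, without performing
any encryption. The names \fIselect_elements\fP,
\fIcandidate_passphrases\fP and \fINoPassphrase\fP, the sample XML and the
passphrase names are constructed for illustration, and the \fI.//\fP
prefix is an assumption needed for ElementTree to search all descendants.
.sp
.nf
```python
import xml.etree.ElementTree as ET

# Constructed sample data: a Properties file and two named passphrases.
SAMPLE = """<Properties>
  <db><password encrypted="prod">s3cret</password><host>db1</host></db>
  <api_key encrypted="true">abc</api_key>
</Properties>"""
KEYS = {"prod": "constructed-passphrase-1", "dev": "constructed-passphrase-2"}

class NoPassphrase(Exception):
    """Step 5: nothing could be selected, so the file is skipped."""

def select_elements(root, xpath=None, encrypting=True):
    """Return the elements whose character content would be processed."""
    if xpath is not None:                  # explicit --xpath wins
        return root.findall(xpath)
    # Default *[@encrypted]; ".//" is an assumption so that ElementTree
    # searches every descendant rather than direct children only.
    matched = root.findall(".//*[@encrypted]")
    if not matched and encrypting:         # nothing marked: encrypt everything
        matched = root.findall(".//*")
    return matched

def candidate_passphrases(configured, cli_name=None, element=None,
                          decrypting=False):
    """Return the passphrase names to try, in the documented order."""
    if cli_name is not None:               # 1. given with -p
        return [cli_name]
    if len(configured) == 1:               # 2. exactly one in bcfg2.conf
        return list(configured)
    if element is not None:                # 3. Properties mode: read the name
        name = element.get("encrypted")    #    from the element itself
        if name in configured:
            return [name]
    if decrypting:                         # 4. try every passphrase in turn
        return list(configured)
    raise NoPassphrase("no passphrase could be determined")   # 5.

if __name__ == "__main__":
    root = ET.fromstring(SAMPLE)
    for el in select_elements(root):
        try:
            names = candidate_passphrases(KEYS, element=el)
        except NoPassphrase as err:
            names = "skipped: %s" % err
        print(el.tag, "->", names)
```
.fi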