<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>bcfg2-crypt — Bcfg2 1.3.0 documentation</title> <link rel="stylesheet" href="../_static/default.css" type="text/css" /> <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '../', VERSION: '1.3.0', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', HAS_SOURCE: true }; </script> <script type="text/javascript" src="../_static/jquery.js"></script> <script type="text/javascript" src="../_static/underscore.js"></script> <script type="text/javascript" src="../_static/doctools.js"></script> <script type="text/javascript" src="../_static/sidebar.js"></script> <link rel="shortcut icon" href="../_static/favicon.ico"/> <link rel="top" title="Bcfg2 1.3.0 documentation" href="../index.html" /> <link rel="up" title="Man Pages" href="index.html" /> <link rel="next" title="bcfg2-info" href="bcfg2-info.html" /> <link rel="prev" title="bcfg2-build-reports" href="bcfg2-build-reports.html" /> <link rel="stylesheet" href="../_static/bcfg2.css" type=""/> </head> <body> <div style="text-align: left; padding: 10px 10px 15px 15px"> <a href="../index.html"><img src="../_static/bcfg2_logo.png" border="0" alt="sampledoc"/></a> </div> <div class="related"> <h3>Navigation</h3> <ul> <li class="right" style="margin-right: 10px"> <a href="../genindex.html" title="General Index" accesskey="I">index</a></li> <li class="right" > <a href="../py-modindex.html" title="Python Module Index" >modules</a> |</li> <li class="right" > <a href="bcfg2-info.html" title="bcfg2-info" accesskey="N">next</a> |</li> <li class="right" > <a href="bcfg2-build-reports.html" title="bcfg2-build-reports" accesskey="P">previous</a> |</li> <li><a href="../index.html">home</a> | </li> <!--<li><a href="../search.html">search</a> | </li>--> <li><a href="../help/index.html">help</a> | </li> <li><a href="../contents.html">documentation </a> »</li> <li><a href="../contents.html" >Bcfg2 documentation 1.3.0</a> »</li> <li><a href="index.html" accesskey="U">Man Pages</a> »</li> </ul> </div> <div class="document"> <div class="documentwrapper"> <div class="bodywrapper"> <div class="body"> <div class="section" id="bcfg2-crypt"> <h1>bcfg2-crypt<a class="headerlink" href="#bcfg2-crypt" title="Permalink to this headline">¶</a></h1> <div class="section" id="synopsis"> <h2>Synopsis<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2> <p><strong>bcfg2-crypt</strong> [-C <em>configfile</em>] [–decrypt|–encrypt] [–cfg|–properties] [–stdout] [–remove] [–xpath <em>xpath</em>] [-p <em>passphrase-or-name</em>] [-v] [-I] <em>filename</em> [<em>filename</em>...]</p> </div> <div class="section" id="description"> <h2>Description<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2> <p><strong class="program">bcfg2-crypt</strong> performs encryption and decryption of Cfg and Properties files. It’s often sufficient to run <strong class="program">bcfg2-crypt</strong> with only the name of the file you wish to encrypt or decrypt; it can usually figure out what to do.</p> </div> <div class="section" id="options"> <h2>Options<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2> <table class="docutils option-list" frame="void" rules="none"> <col class="option" /> <col class="description" /> <tbody valign="top"> <tr><td class="option-group"> <kbd><span class="option">-C <var>configfile</var></span></kbd></td> <td>Specify alternate bcfg2.conf location.</td></tr> <tr><td class="option-group" colspan="2"> <kbd><span class="option">--decrypt</span>, <span class="option">--encrypt</span></kbd></td> </tr> <tr><td> </td><td>Select encryption or decryption mode for the given file(s). This is usually unnecessary, as <strong class="program">bcfg2-crypt</strong> can often determine which is necessary based on the contents of each file.</td></tr> <tr><td class="option-group"> <kbd><span class="option">--cfg</span></kbd></td> <td>An XML file should be encrypted in its entirety rather than element-by-element. This is only necessary if the file is an XML file whose name ends with <em>.xml</em> and whose top-level tag is <em><Properties></em>. See [MODES] below for details.</td></tr> <tr><td class="option-group"> <kbd><span class="option">--properties</span></kbd></td> <td>Process a file as an XML Properties file, and encrypt the text of each element separately. This is necessary if, for example, you’ve used a different top-level tag than <em>Properties</em> in your Properties files. See [MODES] below for details.</td></tr> <tr><td class="option-group"> <kbd><span class="option">--stdout</span></kbd></td> <td>Print the resulting file to stdout instead of writing it to a file.</td></tr> <tr><td class="option-group"> <kbd><span class="option">--remove</span></kbd></td> <td>Remove the plaintext file after it has been encrypted. Only meaningful for Cfg files.</td></tr> <tr><td class="option-group"> <kbd><span class="option">--xpath <var>xpath</var></span></kbd></td> <td>Encrypt the character content of all elements that match the specified XPath expression. The default is <em>*[@encrypted]</em> or <em>*</em>; see [MODES] below for more details. Only meaningful for Properties files.</td></tr> <tr><td class="option-group"> <kbd><span class="option">-p <var>passphrase</var></span></kbd></td> <td>Specify the name of a passphrase specified in the <em>[encryption]</em> section of <em>bcfg2.conf</em>. See [SELECTING PASSPHRASE] below for more details.</td></tr> <tr><td class="option-group"> <kbd><span class="option">-v</span></kbd></td> <td>Be verbose.</td></tr> <tr><td class="option-group"> <kbd><span class="option">-I</span></kbd></td> <td>When encrypting a Properties file, interactively select the elements whose data should be encrypted.</td></tr> <tr><td class="option-group"> <kbd><span class="option">-h</span></kbd></td> <td>Print usage information.</td></tr> </tbody> </table> </div> <div class="section" id="modes"> <h2>Modes<a class="headerlink" href="#modes" title="Permalink to this headline">¶</a></h2> <p><strong class="program">bcfg2-crypt</strong> can encrypt Cfg files or Properties files; they are handled very differently.</p> <dl class="docutils"> <dt>Cfg</dt> <dd>When <strong class="program">bcfg2-crypt</strong> is used on a Cfg file, the entire file is encrypted. This is the default behavior on files that are not XML, or that are XML but whose top-level tag is not <em><Properties></em>. This can be enforced by use of the <em>–cfg</em> option.</dd> <dt>Properties</dt> <dd>When <strong class="program">bcfg2-crypt</strong> is used on a Properties file, it encrypts the character content of elements matching the XPath expression given by <em>–xpath</em>. By default the expression is <em>*[@encrypted]</em>, which matches all elements with an <em>encrypted</em> attribute. If you are encrypting a file and that expression doesn’t match any elements, then the default is <em>*</em>, which matches everything. When <strong class="program">bcfg2-crypt</strong> encrypts the character content of an element, it also adds the <em>encrypted</em> attribute, set to the name of the passphrase used to encrypt that element. When it decrypts an element it does not remove <em>encrypted</em>, though; this lets you easily and efficiently run <strong class="program">bcfg2-crypt</strong> against a single Properties file to encrypt and decrypt it without needing to specify a long list of options. See the online Bcfg2 docs on Properties files for more information on how this works.</dd> </dl> </div> <div class="section" id="selecting-passphrase"> <h2>Selecting passphrase<a class="headerlink" href="#selecting-passphrase" title="Permalink to this headline">¶</a></h2> <p>The passphrase used to encrypt or decrypt a file is discovered in the following order.</p> <ol class="arabic simple"> <li>The passphrase given on the command line using <em>-p</em> is used.</li> <li>If exactly one passphrase is specified in <em>bcfg2.conf</em>, it will be used.</li> <li>If operating in Properties mode, <em>bcfg2.conf</em> will attempt to read the name of the passphrase from the encrypted elements.</li> <li>If decrypting, all passphrases will be tried sequentially.</li> <li>If no passphrase has been determined at this point, an error is produced and the file being encrypted or decrypted is skipped.</li> </ol> </div> <div class="section" id="see-also"> <h2>See Also<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2> <p><em class="manpage">bcfg2-server(8)</em></p> </div> </div> </div> </div> </div> <div class="sphinxsidebar"> <div class="sphinxsidebarwrapper"> <h3><a href="../index.html">Table Of Contents</a></h3> <ul> <li><a class="reference internal" href="#">bcfg2-crypt</a><ul> <li><a class="reference internal" href="#synopsis">Synopsis</a></li> <li><a class="reference internal" href="#description">Description</a></li> <li><a class="reference internal" href="#options">Options</a></li> <li><a class="reference internal" href="#modes">Modes</a></li> <li><a class="reference internal" href="#selecting-passphrase">Selecting passphrase</a></li> <li><a class="reference internal" href="#see-also">See Also</a></li> </ul> </li> </ul> <h4>Previous topic</h4> <p class="topless"><a href="bcfg2-build-reports.html" title="previous chapter">bcfg2-build-reports</a></p> <h4>Next topic</h4> <p class="topless"><a href="bcfg2-info.html" title="next chapter">bcfg2-info</a></p> <h3>This Page</h3> <ul class="this-page-menu"> <li><a href="../_sources/man/bcfg2-crypt.txt" rel="nofollow">Show Source</a></li> </ul> <div id="searchbox" style="display: none"> <h3>Quick search</h3> <form class="search" action="../search.html" method="get"> <input type="text" name="q" /> <input type="submit" value="Go" /> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> <p class="searchtip" style="font-size: 90%"> Enter search terms or a module, class or function name. </p> </div> <script type="text/javascript">$('#searchbox').show(0);</script> </div> </div> <div class="clearer"></div> </div> <div class="related"> <h3>Navigation</h3> <ul> <li class="right" style="margin-right: 10px"> <a href="../genindex.html" title="General Index" >index</a></li> <li class="right" > <a href="../py-modindex.html" title="Python Module Index" >modules</a> |</li> <li class="right" > <a href="bcfg2-info.html" title="bcfg2-info" >next</a> |</li> <li class="right" > <a href="bcfg2-build-reports.html" title="bcfg2-build-reports" >previous</a> |</li> <li><a href="../index.html">home</a> | </li> <!--<li><a href="../search.html">search</a> | </li>--> <li><a href="../help/index.html">help</a> | </li> <li><a href="../contents.html">documentation </a> »</li> <li><a href="../contents.html" >Bcfg2 documentation 1.3.0</a> »</li> <li><a href="index.html" >Man Pages</a> »</li> </ul> </div> <div class="footer"> © Copyright 2009-2013, Narayan Desai. Last updated on Mar 20, 2013. Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3. </div> </body> </html>