|
|
|
The FairCom DB advanced encryption feature uses a master password to encrypt the file-specific advanced encryption key in c-tree data, index, and transaction log files that are encrypted using advanced encryption. ctencrypt is a standalone utility that can be used to change this master password for specified c-tree data, index, and transaction log files.
Operational Model:
Usage:
ctencrypt <options> <command>
Available Options:
Available Commands (only one at a time may be specified):
ctencrypt requires a password verification file named ctsrvr.pvf that was created using the current master password to exist in its working directory. ctencrypt prompts the user for the current master password and for the new master password (prompting twice in order to confirm that the new password was properly entered).
Note: ctencrypt does not change the master password file, ctsrvr.pvf. The ctcpvf utility will need to create a new file for server startup in coordination with the new password used to re-encrypt the encryption key for the files. Failure to do so will result in DCOD_ERR errors (606, failure to decode file) when opening files.
ctencrypt processes the specified files, indicating the status of each file and the total of successful and failed operations. Note that the FairCom Server must be shut down while these file modifications take place.
ctencrypt creates a temporary directory named temp\ctencrypt.tmp.<process_id> to store its transaction logs. This directory is normally deleted when ctencrypt shuts down.
Important: ctencrypt does not undo any changes in case of error. The files that it lists as successfully updated will use the new master password even if the utility failed to update other files.
Example File List
A semicolon can be specified at the start of a line to indicate a comment which is ignored.
; c-tree Advanced Encryption Conversion Listing File
; -----------------------------------------------------
; Created Wed Dec 01 01:38:00 2010
; transaction log files
L0000000.FCT
L0000002.FCA
L0000003.FCA
L0000004.FCA
L0000005.FCA
L0000006.FCS
L0000007.FCS
L0000008.FCS
L0000009.FCS
L0000010.FCT
; data files
mydatafile.dat
C:\My Documents\test.dat
vcusti
Note: All physical encrypted files, data and index files, must be specified in order to be modified. No attempt is made to determine associated files.
If the server was cleanly shutdown in such a manner that its transaction logs are no longer necessary, then they will not need to be included as part of this password change. If you wish to use the ctencrypt utility to modify any existing encrypted transaction logs (for example, archive logs for replication), their names must be specified in the list file. ctencrypt does not attempt to locate any transaction log files on its own.
Example Output
c-tree file encryption utility
This utility requires a master password in order to start.
Please enter master password:
Enter new master password :
Confirm new master password :
Changing master password for the specified files...
[ OK ] SYSLOGDT.FCS
[ OK ] vcusti
[ OK ] L0000000.FCT
[ OK ] L0000002.FCA
[ OK ] L0000003.FCA
[ OK ] L0000004.FCA
[ OK ] L0000005.FCA
[ OK ] L0000006.FCS
[ OK ] L0000007.FCS
[ OK ] L0000008.FCS
[ OK ] L0000009.FCS
[ OK ] L0000010.FCT
12 succeeded, 0 failed
Successfully changed master password for all specified files
Error Returns
Two new error codes have been added related new password management features:
