The ctcmpcif utility has been added to the command-line utilities. This utility can be used to encrypt and decrypt c-tree data files.
Operational Model:
Standalone Usage
ctcmpcif <data file name> <user> <pass> <server> <-sectors> <options>
Where:
ctcmpcif xx8.dat ADMIN ADMIN FAIRCOMSMS -256
<options> can be:
Client-Side Usage
# ctcmpcif DataFileName [-purge] [-updifil] [<UserId>]
[<UserPassword> [<ServerName>]]
Where:
UserID, UserPassword, and ServerName are only needed for client versions of this utility. FairCom recommends building this utility as a Single-user Standalone application.
ctcmpcif reads the IFIL structure from DataFileName and calls CompactIFileXtd() and RebuildIFileXtd() to compact and rebuild DataFileName and its associated indexes. If ctcmpcif cannot extract the IFIL from the target file, it will ask for the name of another copy of the file from which to extract the IFIL information.
Prior to FairCom DB V9.3, several option values were defined such as updateIFIL, purgeIFIL, and badpartIFIL, that can be specified. These values are specified by adding them together. For example: myifil.tfilno = updateIFIL + purgeIFIL. A new approach simplifies checking of these options. The following option values are now specified in ctport.h:
#define updateIFILoption 0x0002
#define purgeIFILoption 0x0004
#define badpartIFILoption 0x0008
#define redosrlIFILoption 0x0010
These values can now be OR-ed together and the negative of the result stored in the tfilno field of the IFIL structure passed to the compact or rebuild function. For example, to indicate that you want to assign new serial numbers, do the following:
myifil.tfilno = -redosrlIFILoption;
CMPIFIL(&myifil);
If you want to also use more than one option when compacting or rebuilding a file, OR them in to the value and negate the result. For example,
/* assign new serial numbers and update IFIL resource. */
myifil.tfilno = -(redosrlIFILoption | updateIFILoption);
CMPIFIL(&myifil);
ctcmpcif will attempt to open files of any page size definition. In addition, in standalone mode, it will create the new file based on the provided page size.
Note: This tool does not compact partitioned files. If you attempt to compact a partitioned file, the tool will return PCMP_ERR (954, compacting partitioned file not supported).
Changing Encryption Attributes
In V11 and later, the compact utility can optionally change the encryption attributes. To use this option, OR in the setencryptIFILoption bit into the tfilno field of the IFIL structure whose address you pass to the compact API function. When using this and other options, remember to negate the tfilno value after you OR in the options. For example:
myifil.tfilno = -(redosrlIFILoption | setencryptIFILoption);
CMPIFIL(&myifil);
Specifying the Encryption Cipher
In V11 and later, the ctcmpcif utility supports an option to specify the encryption cipher for the data and index files created by the compact operation. Usage:
-encrypt=cipher - Create the compacted file using the specified cipher:
Note: If an index file does not exist, the original data file's encryption attributes are used when creating that index file.
To change the encryption attributes of a file using this ctcmpcif compact utility or the compact API function from a client, you must add the option CHANGE_ENCRYPTION_ON_COMPACT YES to ctsrvr.cfg. Otherwise, the operation fails with error NSUP_ERR (454, not supported).
Environment Variable to Enable Advanced Encryption
In V11.5 and later, c-tree supports enabling advanced encryption at run time using an environment variable. Set the environment variable CTREE_ADVANCED_ENCRYPTION to YES to enable advanced encryption if it is supported. This environment variable can be used to allow c-tree utilities to enable advanced encryption even if they haven't been updated yet to automatically enable advanced encryption when needed. Examples include the rebuild and compact utilities, ctrbldif and ctcmpcif.
Note: If c-tree does not support advanced encryption and this environment variable is set, the c-tree initialization will fail.
Note: In order to use advanced encryption, a master key must be supplied. The utility will prompt for the master key, or a master key file can be created like this:
1: create master key file:
ctcpyf -k mykey -s mykey.fkf
2: set environment variable to the name of the master key file:
CTREE_MASTER_KEY_FILE=mykey.fkf
If using these steps, then the utility will read the master key from the file instead of prompting for the key.
Considerations
When an application calls the standalone version of the Xtd8 file compact or rebuild functions (for example, CMPIFILX8() or RBLIFILX8()), index files created by the compact or rebuild no longer have the 6-byte transaction number attribute enabled if the specified extended create block's x8mode field has the ctNO6BTRAN bit set.
See also