.TH "BCFG2-CRYPT" "8" "March 18, 2013" "1.3" "Bcfg2"
.SH NAME
bcfg2-crypt \- Bcfg2 encryption and decryption utility
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.\" Man page generated from reStructuredText.
.
.SH SYNOPSIS
.sp
\fBbcfg2\-crypt\fP [\-C \fIconfigfile\fP] [\-\-decrypt|\-\-encrypt]
[\-\-cfg|\-\-properties] [\-\-stdout] [\-\-remove] [\-\-xpath \fIxpath\fP]
[\-p \fIpassphrase\-or\-name\fP] [\-v] [\-I] \fIfilename\fP [\fIfilename\fP...]
.SH DESCRIPTION
.sp
\fBbcfg2\-crypt\fP performs encryption and decryption of Cfg and
Properties files. It\(aqs often sufficient to run \fBbcfg2\-crypt\fP
with only the name of the file you wish to encrypt or decrypt; it can
usually figure out what to do.
.SH OPTIONS
.INDENT 0.0
.TP
.BI \-C \ configfile
Specify alternate bcfg2.conf location.
.TP
.B \-\-decrypt,  \-\-encrypt
Select encryption or decryption mode for the
given file(s). This is usually unnecessary, as
\fBbcfg2\-crypt\fP can often determine which
is necessary based on the contents of each file.
.TP
.B \-\-cfg
Encrypt an XML file in its entirety rather than
element\-by\-element. This is only necessary if
the file is an XML file whose name ends with
\fI.xml\fP and whose top\-level tag is
\fI<Properties>\fP. See [MODES] below for details.
.TP
.B \-\-properties
Process a file as an XML Properties file, and
encrypt the text of each element
separately. This is necessary if, for example,
you\(aqve used a different top\-level tag than
\fIProperties\fP in your Properties files. See
[MODES] below for details.
.TP
.B \-\-stdout
Print the resulting file to stdout instead of
writing it to a file.
.TP
.B \-\-remove
Remove the plaintext file after it has been
encrypted.  Only meaningful for Cfg files.
.TP
.BI \-\-xpath \ xpath
Encrypt the character content of all elements
that match the specified XPath expression.  The
default is \fI*[@encrypted]\fP or \fI*\fP; see [MODES]
below for more details. Only meaningful for
Properties files.
.TP
.BI \-p \ passphrase
Specify the name of a passphrase defined in
the \fI[encryption]\fP section of \fIbcfg2.conf\fP. See
[SELECTING PASSPHRASE] below for more details.
.TP
.B \-v
Be verbose.
.TP
.B \-I
When encrypting a Properties file, interactively
select the elements whose data should be
encrypted.
.TP
.B \-h
Print usage information.
.UNINDENT
.SH MODES
.sp
\fBbcfg2\-crypt\fP can encrypt Cfg files or Properties files; they
are handled very differently.
.INDENT 0.0
.TP
.B Cfg
When \fBbcfg2\-crypt\fP is used on a Cfg file, the entire file
is encrypted. This is the default behavior on files that are not
XML, or that are XML but whose top\-level tag is not \fI<Properties>\fP.
This can be enforced by use of the \fI\-\-cfg\fP option.
.TP
.B Properties
When \fBbcfg2\-crypt\fP is used on a Properties file, it
encrypts the character content of elements matching the XPath
expression given by \fI\-\-xpath\fP. By default the expression is
\fI*[@encrypted]\fP, which matches all elements with an \fIencrypted\fP
attribute. If you are encrypting a file and that expression doesn\(aqt
match any elements, then the default is \fI*\fP, which matches
everything. When \fBbcfg2\-crypt\fP encrypts the character
content of an element, it also adds the \fIencrypted\fP attribute, set
to the name of the passphrase used to encrypt that element. When it
decrypts an element it does not remove \fIencrypted\fP, though; this
lets you easily and efficiently run \fBbcfg2\-crypt\fP against a
single Properties file to encrypt and decrypt it without needing to
specify a long list of options. See the online Bcfg2 docs on
Properties files for more information on how this works.
.UNINDENT
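.sp
The Properties selection rule described above, as an added Python sketch (not Bcfg2 code). It assumes the expression is applied to all descendants of the root using the standard library ElementTree; the sample file and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DEFAULT_XPATH = "*[@encrypted]"  # default expression named in MODES
FALLBACK_XPATH = "*"             # used when encrypting and nothing matches

# Constructed sample Properties file: one element marked, two not.
SAMPLE = """<Properties>
  <db_user>app</db_user>
  <db_password encrypted="prod">s3cret</db_password>
  <api_token>tok-123</api_token>
</Properties>"""


def select_for_encryption(root, xpath=None):
    """Return the elements whose character content would be encrypted."""
    if xpath is not None:
        # Assumption: a simple relative expression, as with --xpath.
        return root.findall(".//" + xpath)
    marked = root.findall(".//" + DEFAULT_XPATH)
    # Fall back to every element only when no element is marked.
    return marked if marked else root.findall(".//" + FALLBACK_XPATH)


def left_in_plaintext(root, xpath=None):
    """Tags of elements that carry text but are not selected."""
    chosen = set(id(el) for el in select_for_encryption(root, xpath))
    return [el.tag for el in root.iter()
            if el is not root
            and (el.text or "").strip()
            and id(el) not in chosen]


if __name__ == "__main__":
    print(left_in_plaintext(ET.fromstring(SAMPLE)))
```

Once any element carries the encrypted attribute, the default expression no longer falls back to *, so an element added later without the attribute is not selected and stays in plaintext.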
.SH SELECTING PASSPHRASE
.sp
The passphrase used to encrypt or decrypt a file is discovered in the
following order.
.INDENT 0.0
.IP 1. 3
The passphrase given on the command line using \fI\-p\fP is used.
.IP 2. 3
If exactly one passphrase is specified in \fIbcfg2.conf\fP, it will be
used.
.IP 3. 3
If operating in Properties mode, \fBbcfg2\-crypt\fP will attempt to read
the name of the passphrase from the encrypted elements.
.IP 4. 3
If decrypting, all passphrases will be tried sequentially.
.IP 5. 3
If no passphrase has been determined at this point, an error is
produced and the file being encrypted or decrypted is skipped.
.UNINDENT
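.sp
The discovery order above, as an added Python sketch (not Bcfg2 code). The function, its parameters and the exception are hypothetical; it assumes the value of an element's encrypted attribute only counts when it names a configured passphrase.

```python
class NoPassphrase(Exception):
    """Step 5: nothing was determined; the caller skips the file."""


def candidate_passphrases(configured, cli_name=None, properties_mode=False,
                          element_name=None, decrypting=False):
    """Return the passphrase names to try, in order.

    configured   -- names from [encryption] in bcfg2.conf (constructed here)
    cli_name     -- value given with -p, if any
    element_name -- value of the element's encrypted attribute, if any
    """
    # 1. A value given with -p always wins.
    if cli_name is not None:
        return [cli_name]
    # 2. Exactly one configured passphrase is unambiguous.
    if len(configured) == 1:
        return list(configured)
    # 3. Properties mode: the element names its own passphrase.
    if properties_mode and element_name in configured:
        return [element_name]
    # 4. Decryption may try every configured passphrase in turn.
    if decrypting and configured:
        return list(configured)
    # 5. Nothing determined: report an error and skip the file.
    raise NoPassphrase("no passphrase could be determined")


if __name__ == "__main__":
    names = ["prod", "dev"]  # constructed passphrase names
    print(candidate_passphrases(names, decrypting=True))
```

With more than one passphrase configured, encrypting a Cfg file without \-p reaches step 5, so the file is skipped and remains in plaintext.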
.SH SEE ALSO
.sp
\fIbcfg2\-server(8)\fP
.\" Generated by docutils manpage writer.
.