This is a standalone utility which is used to encrypt and decrypt data files. This utility supports generation of symmetric encryption key in AES 256 bit format.
This utility does not have dependency on OFSAA or DMT module. However, running this utility requires log4j-core*.jar and log4j-api*.jar files.
Use Cases:
·If the user has opted for File Encryption from the DMT Configurations window:
§In case of T2F or H2F, the output file will be an encrypted file. To decrypt the data file, user needs to use this utility.
§In case of F2Tor F2H, the input file should be an encrypted file. To encrypt the data file, user needs to use this utility.
Prerequisites
·Ensure the following files are present in $FIC_HOME/utility/DMT/encryption/bin folder.
§dmtfileencryption.sh
§aai-dmt-encryption.jar
§log4j-core*.jar
§log4j-api*.jar
·Since the utility uses AES 256 bit encryption, it is mandatory to apply policy files. Perform the following instructions to apply policy files:
a.Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from Oracle. Be sure to download the correct policy file updates for your version of Java (Java 7 or 8).
b.Uncompress and extract the downloaded file. The download includes a Readme.txt and two .jar files with the same names as the existing policy files.
c.Locate the two existing policy files inside the folder <java-jre-home>/lib/security/.
1local_policy.jar
2US_export_policy.jar
d.Replace the existing policy files with the unlimited strength policy files you extracted.
To run the utility directly from the console:
1.Navigate to $FIC_HOME/utility/DMT/encryption/bin folder.
2.Execute ./dmtfileencryption.sh with the following arguments:
Argument Name | Description | Value |
MODE | Specify the mode of operation | ·genkey ·encrypt_file ·decrypt_file For more information, see Modes of Operation section. |
KEYFILE | Absolute path of key file with key file name. | |
INPUTFILE | Absolute path of input file with input file name. | |
OUTPUTFILE | Absolute path of output file with output file name. |
Modes of Operation
Based on the value specified for the argument MODE, the utility can be operated in different modes:
MODE set as genkey
./dmtfileencryption.sh genkey <KEYFILE>
In this mode, utility takes the absolute path to which key has to be written as input. Creates a 256 bit AES key and writes to the location given in <KEYFILE> attribute.
MODE set as encrypt_file
./dmtfileencryption.sh encrypt_file <INPUTFILE> <OUTPUTFILE> <KEYFILE>
In this mode, utility takes input file path, output file path and key file path as inputs. Using the 256 bit AES key in the given key path, input file is encrypted and written into given output file path.
MODE set as decrypt_file
./dmtfileencryption.sh decrypt_file <INPUTFILE> <OUTPUTFILE> <KEYFILE>
In this mode, utility takes input file path, output file path and key file path as inputs. Using the 256 bit AES key in the given key path, input file is decrypted and written into given output file path.
NOTE | Input and output file absolute paths should be different. |
Logs
The DMTFileEncryption.log file will be created in $FIC_HOME/utility/DMT/encryption/log folder.