# encrypt-file command

The encrypt-file command encrypts data
in a specified file.

To use this command, the OpenSSL libraries must be installed on your system.

- For UNIX Implementations: The OpenSSL libraries are required. If this command is run on a system without OpenSSL, the current process will stop and return to TCL. Additionally, you will see the Encryption libraries are not loaded message.

- For Windows Only: The OpenSSL libraries must be present when restoring a save that contains encrypted data. Otherwise, the restore process will terminate.

- Storing and encrypting files in the FSI:DM is not recommended and might produce unpredictable results.

## Syntax

```
 encrypt-file filename{,data-file}{(options}
```

## Parameter(s)

| filename | The name of the file on which to apply encryption. The specified file must already exist. To enable encryption, you must be logged into the account in which the specified file exists. Note: Item-ids and index keys are not encrypted. Additionally, only the data level of the file system can be encrypted. You cannot encrypt the MD or DICT of a file. | |
| --- | --- | --- |
| data-file | (Optional) Specifies which data-file in the file to encrypt. If not specified, the default data-file is encrypted. | |
| options | 2 | Uses AES-256 encryption instead of the default AES-128. |

## Description

Encryption does not affect any existing file translates, indexes, bridges, triggers, and so on.
 These features will continue to function as expected. However, note that read and write
 operations on encrypted files are significantly slower than read and write operations on
 unencrypted files.

The sizes of encrypted items are approximately 1% (plus six
characters) larger than unencrypted items. Be aware that LIST commands display decrypted item sizes whereas ISTAT and similar commands display encrypted item sizes

Note:
 After a file has been encrypted, data in the file remains encrypted on any subsequent
 file-saves, account-saves, incremental-saves, and transaction-logging tapes. The only
 exceptions are:

- FSI file data is not saved encrypted on file-saves, account-saves, incremental-saves, or transaction-logging tapes.

- Data is saved in its original plain-text format (unencrypted) when a t-dump command is used on the file.

- Index keys are stored in clear text for indexes created on an encrypted file.

 As with all files, file access is determined using file update and retrieval locks (set using
 the file-access-setup command in the dm account). If you have the
 appropriate user key for a file, items in that file are automatically decrypted for read
 operations and encrypted for write operations.

 If the encrypt processing code is on the file-defining item, then only
 the specified attributes will be encrypted.

## FSI files

For FSI files, the encrypt-file program also does an
 fsck (file check) to check the integrity of the file structure before
 the data is encrypted and scrubs all free space in the file after it is encrypted to ensure
 that residual, unencrypted data is not left in the unused space.

## Example(s)

**Example 1**

 This example encrypts the locations file.

 The dictionary-code field has the entry of DE1, which indicates that
 the file is encrypted.

```

 :encrypt-file locations
 File successfully encrypted.
 :ud locations

 DICT locations 'locations' size = 59
 dictionary-code DE1
 base 18652
 modulo 1
 structure
 retrieval-lock
 update-lock
 output-conversion
 correlative
 attribute-type L
 column-width 10
 input-conversion
 macro
 output-macro
 description
 reallocation
 segment-base segment-mod

 hotkey.all
 hotkey1
 hotkey2
 hotkey3
 hotkey4
 hotkey5
 hotkey6
 hotkey7
 hotkey8
 hotkey9
 hotkey0
 DICT locations 'locations' size = 59 exited.
 :dump 18652

 fid: 18652 : 0 0 0 0 ( 48DC : 0 0 0 0 )
 000 :....k...WHSE1^<enc1>...RZ..z..\c.-A......X..1...m.:
 050 :.N.2[.=....8e.Y)..r.%.9z.p%O..l. .1.......a...}C..:
 100 :`..I.^__....o...WHSE2^<enc1>.C..........^....m....:
 150 :.S.I.t.....=.+..,...G.y..k.........3...Cgbq^y..3.h:
 200 :..%.[.Y..V6m..|c.^__....k...WHSE3^<enc1>..=......j:
 250 :7j....n...n4. 4[_.\..^...=..z1T....k&.Z...{.......:
 300 :.p<....J.^.`....G|w.7]...K^__^3737961123^__......G:
 350 :r7..]C...tu.^_____________________________________:
 400 :__________________________________________________:
 450 :__________________________________________________:
```

 **Example 2**

This example encrypts the accounting file.

```

 :encrypt-file accounting
 File successfully encrypted.
```

 **Example 3**

This example encrypts only the purchases data-file of the accounting
 file.

```

 :encrypt-file accounting,purchases
 File successfully encrypted.
```

## See also

- [decrypt-file command](https://d3codex.com/tcl/decrypt-file-command/)
- [encrypt processing code](https://d3codex.com/processingcodes/encrypt-processing-code/)

---
Source: https://d3codex.com/tcl/encrypt-file-command/ - part of the D3Codex reference.