Encrypt

Encrypts one or more files using the specified encryption method and algorithm. This action supports both symmetric (passphrase) and asymmetric (public/private key) encryption types. If PGP is installed, this action can optionally use the PGP engine for both passphrase and public/private key encryption, with support for a wide variety of encryption algorithms. Used for security purposes to encrypt any type of file. Ideal for keeping sensitive and confidential information private.

Declaration

<AMENCRYPT ENCRYPTTYPE="PASSPHRASE" INPUTFILE="text" OUTPUTFILE="text" SUBFOLDERS="Yes/No" KEEPFOLDERSTRUCT="Yes/No" OVERWRITE="Yes/No" ISNEWER="Yes/No" ATTRFILTER="text" ENCRYPTALGO="text(options)" PASSWORD="text" />

Example 1 - Passphrase Encryption

<AMENCRYPT ENCRYPTTYPE="PASSPHRASE" INPUTFILE="C:\SourceFolder\*.DOC" OUTPUTFILE="C:\DestinationFolder\encr*.doc" SUBFOLDERS="YES" KEEPFOLDERSTRUCT="YES" OVERWRITE="YES" ISNEWER="YES" ATTRFILTER="+r" ENCRYPTALGO="Rijndael" PASSWORD="AM1cLtbaERPTWrKiRxt4KF/Bg==aME" />

Example 2 - Public/Private Key Encryption

<AMENCRYPT ENCRYPTTYPE="KEY" INPUTFILE="C:\SourceFolder\*.DOC" OUTPUTFILE="C:\DestinationFolder\encr*.doc" SUBFOLDERS="YES" KEEPFOLDERSTRUCT="YES" OVERWRITE="YES" ISNEWER="YES" ATTRFILTER="+r" CRYPTUSING="KEYCONTAINER" KEYCONTAINERNAME="Microsoft Enhanced Cryptographic Provider v1.0" KEYCONTAINERLEVEL="USER" />

See Also: Delete Key Container, Generate Key Files, Sign, Verify, Decrypt, Calculate File Checksum, Get File(s) information, Touch File, Set Attributes

PGP (Pretty Good Privacy) is a popular program used to encrypt and decrypt e-mail over the Internet. It can also be used to send an encrypted digital signature that lets the receiver verify the sender's identity. AWE comes bundled with the OpenPGP engine which is based on PGP as originally developed. OpenPGP is installed on the system during installation.

General Tab

Property: Source
Type: Text
Required: Yes
Default: (Empty)
Markup:
a) INPUTFILE="c:\folder\file.txt"
b) INPUTFILE="c:\folder\*.txt"
Description: The path and file name of the file(s) to encrypt. Wildcard characters such as asterisk (*) and question mark (?) can be used to encrypt files matching a certain mask.

Property: Destination
Type: Text
Required: Yes
Default: (Empty)
Markup:
a) OUTPUTFILE="c:\folder\file.txt"
b) OUTPUTFILE="c:\folder\"
c) DEST="c:\folder\*.txt"
Description: The destination folder and (optional) filename of the file(s) being encrypted.
NOTE: Folders that do not exist will be automatically created at runtime.

Property: Type
Type: Text (Options)
Required: No
Default: Passphrase
Markup: ENCRYPTTYPE="KEY"
Description: The type of encryption to be performed. Parameters vary depending on which encryption type is selected. The available options are:

  • Passphrase (Default): Requires a particular passphrase to verify and encrypt the specified file(s).

  • Public/Private Key: An asymmetric form of encryption that relies on a cryptographically generated public/private key pair. Encryption is performed with the public key and can only be decrypted with the corresponding private key.

  • PGP Passphrase: Requires a particular PGP passphrase to encrypt.

  • PGP Public/Private Key: PGP uses a system which binds the public keys to an e-mail address. Requires the associated PGP private key to encrypt.

  • OpenPGP Passphrase: Requires a particular OpenPGP passphrase to encrypt.

  • OpenPGP Public/Private Key: Encryption is performed using the OpenPGP public key and can only be decrypted with the corresponding private key.

Property: Algorithm
Type: Text (Options)
Required: No
Default: Rijndael
Markup: ENCRYPTALGO="DES"
Description: The encryption algorithm to use. This parameter is active only if Passphrase, PGP Passphrase or OpenPGP Passphrase is selected from the Type parameter. Available encryption algorithm options for Passphrase are:

  • Rijndael (Default)

  • DES

  • RC2

  • TripleDES

Available encryption algorithm options for PGP Passphrase and OpenPGP Passphrase are:

  • IDEA (PGP Only)

  • 3DES

  • CAST5

  • Blowfish

  • AES128

  • AES192

  • AES256

  • Twofish256

Property: Passphrase/Confirm Passphrase
Type: Text
Required: Yes for passphrase encryption
Default: (Empty)
Markup: PASSWORD="g9tc745yuig3j9t"
Description: The passphrase to use in order to encrypt the file(s). This parameter is available only if the Type parameter is set to Passphrase, PGP Passphrase or OpenPGP Passphrase.

Property: Key email address
Type: Text
Required: Yes for PGP Public/Private Key encryption
Default: (Empty)
Markup: EMAIL="admin@netauto.com"
Description: Specifies the e-mail address to bind the PGP public key to. This parameter is active only if the PGP Public/Private Key option is selected from the Type parameter.

Property: Key name or email address
Type: Text
Required: Yes for OpenPGP Public/Private Key encryption
Default: (Empty)
Markup: EMAIL="admin@netauto.com"
Description: Indicates the e-mail address and/or unique name to bind the OpenPGP public key to. Multiple names/e-mail addresses can be entered by separating each entry with a semicolon (;). This parameter is active only if the PGP Public/Private Key option is selected from the Type parameter.

Options Tab

Property: Include Subfolders
Type: Yes/No
Required: No
Default: No
Markup: SUBFOLDERS="YES"
Description: If set to YES, specifies that, if present, subfolders should be searched for files matching the mask specified in the Source parameter. The default value is set to NO.

Property: Preserve Folder Structure
Type: Yes/No
Required: No
Default: Yes
Markup: KEEPFOLDERSTRUCT="NO"
Description: If set to YES, specifies that subfolders found in the source folder should be created in the destination folder, and source files should be encrypted into their respective folders rather than directly into the root of the folder specified in the Destination parameter. Valid only if the Include Subfolders parameter is set to YES.

Property: Overwrite if Exists
Type: Yes/No
Required: No
Default: No
Markup: OVERWRITE="YES"
Description: If set to YES, specifies that, if destination files already exist, they should be overwritten. The default value is set to NO.

Property: Only if Newer
Type: Yes/No
Required: No
Default: No
Markup: ISNEWER="YES"
Description: If set to YES, indicates that only files that are newer than those in the destination folder will overwrite existing files. Valid only if the Overwrite if Exists parameter is set to YES.

Property: Only if Exists in Destination
Type: Yes/No
Required: No
Default: No
Markup: ONLYIFEXIST="YES"
Description: If set to YES, specifies that only files that already exist in the destination will be encrypted from the source. All other files, regardless of whether they match the mask or other parameter settings, will be bypassed. Valid only if the Overwrite if Exists parameter is set to YES.

Property: Overwrite Read-Only Files
Type: Yes/No
Required: No
Default: No
Markup: OVERWRITEREADONLY="YES"
Description: If set to YES, indicates that already existing files should be overwritten even if the file in the destination is marked with the "read-only" attribute. By default, read-only files are not overwritten. Valid only if the Overwrite if Exists parameter is set to YES.

Property: Overwrite Hidden Files
Type: Yes/No
Required: No
Default: No
Markup: OVERWRITEHIDDEN="YES"
Description: If set to YES, specifies that already existing files should be overwritten even if the file in the destination is marked with the "hidden" attribute. By default, hidden files are not overwritten. Valid only if the Overwrite if Exists parameter is set to YES.

Property: Turn Archive Attribute Off
Type: Yes/No
Required: No
Default: No
Markup: ARCHIVETURNOFF="YES"
Description: If set to YES, denotes that the "archive" attribute of the source file should be switched OFF. The Windows "archive" attribute is generally used to track whether a file has been backed up. Turning the source file's archive attribute off indicates to many backup programs that the file has already been backed up.

Property: Exclude Mask
Type: Text
Required: No
Default: (Empty)
Markup: EXCLUDE="*.txt"
Description: Causes this action to omit encrypting files matching the mask(s) specified. Filenames or wildcard masks may be used.

Property: Regular Expression
Type: Yes/No
Required: No
Default: No
Markup: RE="YES"
Description: If set to YES, specifies that a regular expression is used in the Exclude Mask field.

Property: Only if Newer Than
Type: Date
Required: No
Default: (Empty)
Markup: ISNEWERTHAN="%DateSerial(2007,10,12) + TimeSerial(00,00,00)%"
Description: Causes this action to only encrypt files if the source is newer than the date/time specified. If this parameter is left blank or not included, the date of the file(s) will be ignored (excluding the Only if Newer parameter).

Property: Only if Older Than
Type: Date
Required: No
Default: (Empty)
Markup: ISOLDERTHAN="%DateSerial(2007,10,12) + TimeSerial(00,00,00)%"
Description: Causes this action to only encrypt files if the source is older than the date/time specified. If this parameter is left blank or not included, the date of the file(s) will be ignored (excluding the Only if Newer parameter).

Attributes Tab

Property: Attributes
Type: Text (Options)
Required: No
Default: (Empty)
Markup: ATTRFILTER="+R+A-H" (encrypt read-only & archive files but not hidden files)
Description: This group of settings causes the action to filter which files are encrypted based on the attribute settings of the source file(s). In visual mode, a group of controls is provided to assist in the selection of this parameter. In markup mode, a single text item must be specified that contains the attributes of the files you want to encrypt.

Available Options:

  • R (Read-only): Specifying "+R" causes files with this attribute turned on to be included, "-R" causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored.

  • A (Archive): Specifying "+A" causes files with this attribute turned on to be included, "-A" causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored.

  • S (System): Specifying "+S" causes files with this attribute turned on to be included, "-S" causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored.

  • H (Hidden): Specifying "+H" causes files with this attribute turned on to be included, "-H" causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored.

  • C (Compression): Specifying "+C" causes files with this attribute turned on to be included, "-C" causes files with this attribute turned off to be included, not specifying the letter (default) causes this attribute to be ignored.

PGP Tab

These parameters relate to the recipient's OpenPGP key ID (normally an e-mail address or name) and the password associated with that ID. They are available only when OpenPGP Public/Private Key is selected under the Type parameter located on the General tab.

NOTE: The parameters of the PGP tab have no relation to the PGP Encrypt/Decrypt type, only OpenPGP.

Property: Public Keyring File
Type: Text
Required: Yes for PGP or OpenPGP Public/Private Key encryption method
Default: (Empty)
Markup: PUBKEYRINGPATH="c:\foldername\file.pkr"
Description: Specifies the path and filename of the PGP, OpenPGP or GnuPG Public Keyring file. Entering a valid Public Keyring file along with a matching Secret Keyring file will populate the Choose Recipients section with the appropriate signature information. This parameter is active only if the Type parameter located in the General tab is set to PGP Public/Private Key or OpenPGP Public/Private Key.

Property: Secret Keyring File
Type: Text
Required: Yes for PGP or OpenPGP Public/Private Key encryption method
Default: (Empty)
Markup: SECKEYRINGPATH="c:\foldername\file.skr"
Description: Specifies the path and filename of the PGP, OpenPGP or GnuPG Secret Keyring file. Entering a valid Public Keyring file along with a matching Secret Keyring file will populate the Choose Recipients section with the appropriate signature information. This parameter is active only if the Type parameter located in the General tab is set to PGP Public/Private Key or OpenPGP Public/Private Key.

Property: Armor Data
Type: Yes/No
Required: No
Default: No
Markup: ARMOR="YES"
Description: If set to YES, causes PGP, OpenPGP or GnuPG to enable ASCII Armor output, a form of encoding binary data in a sequence of ASCII-printable characters. Binary-to-text encoding is necessary for transmission of data when the channel or the protocol only allows ASCII-printable characters, such as transporting through e-mail channels. If you intend to use PGP primarily for e-mail purposes, we suggest enabling this option. This parameter is active only if the Type parameter located in the General tab is set to PGP Passphrase, PGP Public/Private Key, OpenPGP Passphrase or OpenPGP Public/Private Key.

Property: Compress data before encryption
Type: Yes/No
Required: No
Default: Yes
Markup: COMPRESS="YES"
Description: If set to YES, specifies that the file(s) will be initially compressed before encryption is performed. This parameter is active only if the Type parameter located in the General tab is set to PGP Passphrase, PGP Public/Private Key, OpenPGP Passphrase or OpenPGP Public/Private Key.

Property: Choose Recipients
Type: Text
Required: No
Default: (Empty)
Markup: KEYID="PGP Global Directory Verification Key"
Description: Specifies the recipient(s) to bind the OpenPGP public key to. To select a recipient, check the corresponding check-box. This parameter is active only if the Type parameter located in the General tab is set to OpenPGP Public/Private Key.
NOTE: Selection from the Choose Recipients section overrides the General tab entries specified in the Key name/e-mail address parameters.

Key Options Tab

Property: Encrypt using
Type: Text (Options)
Required: Yes for Public/Private Key encryption method
Default: Key Container
Markup: ENCRYPTUSING="KEYCONTAINER"
Description: Indicates the encryption procedure to be used to encrypt the specified file(s). This parameter is active only if the Type parameter located in the General tab is set to Public/Private Key. The available options are:

  • Key Container: A key container will be used to encrypt the file(s).

  • Key File: A key file will be used to encrypt the file(s). Click the Folder icon to navigate to the appropriate private key (.pri) file or enter the full path and filename of the private key file in the provided text-box.

Property: Key container name
Type: Text
Required: Yes
Default: (Empty)
Markup: KEYCONTAINERNAME="Microsoft Enhanced Cryptographic Provider v1.0"
Description: Specifies the name of the key container to be used. Clicking Select Key Container will open a Key Container browser allowing selection from a list of cryptographic provider names. This parameter is active only if the Encrypt using parameter is set to Key Container.

Property: Private Key File
Type: Text
Required: Yes
Default: (Empty)
Markup: KEYCONTAINERNAME="C:\Temp\filename.pri"
Description: Specifies the path and filename of the public key file to be used. Click the Folder icon to navigate to the appropriate private key (.pri) file or enter the full path and filename of the private key file in the provided text-box. This parameter is active only if the Encrypt using parameter is set to Key File.

Property: Key container level
Type: Text (Options)
Required: No
Default: User
Markup: KEYCONTAINERLEVEL="USER"
Description: Specifies whether the key container should be set to User-Level or Machine-Level. Microsoft Windows makes Machine-Level key containers available to all users, whereas a User-Level key container is available only to the user that created (or imported) the key container. The available options are:

  • User (Default)

  • Machine

Comparing Machine-Level and User-Level RSA Key Containers

User-level RSA key containers are stored with the Windows user profile for a particular user and can be used to encrypt and decrypt information for applications that run under that specific user identity. User-level RSA key containers can be useful if you want to ensure that the RSA key information is removed when the Windows user profile is removed. However, because you must be logged in with the specific user account that will make use of the user-level RSA key container in order to encrypt or decrypt protected configuration sections, they are inconvenient to use.

Machine-level RSA key containers are available to all users that can log in to a computer, by default, and are the most useful as you can use them to encrypt or decrypt protected configuration sections while logged in with an administrator account. A machine-level RSA key container can be used to protect information for a single application, all the applications on a server, or a group of applications on a server that run under the same user identity. Although machine-level RSA key containers are available to all users, they can be secured with NTFS Access Control Lists (ACLs) so that only required users can access them.
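The following is an added example, not part of the product documentation: a Python check that scans task markup for AMENCRYPT steps and flags the Algorithm options from the General tab that have short keys or 64-bit blocks, a PASSWORD attribute embedded in the markup, and machine-level key containers as compared above. The `audit` function, the sample task fragment and the `MACHINE` markup value are assumptions, and the weakness ratings are general cryptographic guidance rather than statements from this page.

```python
import re

# Added example: static check of AMENCRYPT steps. The severity judgements
# are general cryptographic guidance, not rules taken from the product docs.
TAG_RE = re.compile(r'<AMENCRYPT\b((?:\s+\w+="[^"]*")*)\s*/>', re.I)
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')

# Algorithm names as listed on this page, upper-cased for comparison.
WEAK_KEY = {"DES": "56-bit key", "RC2": "legacy cipher"}
BLOCK_64 = {"TRIPLEDES", "3DES", "IDEA", "CAST5", "BLOWFISH"}


def audit(task_text):
    """Return (step, attribute, message) findings for every AMENCRYPT tag."""
    findings = []
    for step, tag in enumerate(TAG_RE.finditer(task_text), start=1):
        attrs = {k.upper(): v for k, v in ATTR_RE.findall(tag.group(1))}
        # The page gives Rijndael as the default when ENCRYPTALGO is omitted.
        algo = attrs.get("ENCRYPTALGO", "Rijndael").upper()
        if algo in WEAK_KEY:
            findings.append((step, "ENCRYPTALGO",
                             f"{algo}: {WEAK_KEY[algo]}, replace with Rijndael or AES256"))
        elif algo in BLOCK_64:
            findings.append((step, "ENCRYPTALGO",
                             f"{algo}: 64-bit block cipher, prefer Rijndael or AES256"))
        if "PASSWORD" in attrs:
            findings.append((step, "PASSWORD",
                             "passphrase travels with the task file, restrict read access to it"))
        # "MACHINE" as the markup value is an assumption; the page shows only "USER".
        if attrs.get("KEYCONTAINERLEVEL", "USER").upper() == "MACHINE":
            findings.append((step, "KEYCONTAINERLEVEL",
                             "machine-level container is available to all users, restrict it with NTFS ACLs"))
    return findings


# Constructed sample task fragment (paths, names and passphrase are placeholders).
SAMPLE = r'''
<AMENCRYPT ENCRYPTTYPE="PASSPHRASE" INPUTFILE="C:\In\*.doc" OUTPUTFILE="C:\Out\" ENCRYPTALGO="DES" PASSWORD="placeholder" />
<AMENCRYPT ENCRYPTTYPE="KEY" INPUTFILE="C:\In\*.doc" OUTPUTFILE="C:\Out\" ENCRYPTUSING="KEYCONTAINER" KEYCONTAINERNAME="ExampleContainer" KEYCONTAINERLEVEL="MACHINE" />
<AMENCRYPT ENCRYPTTYPE="KEY" INPUTFILE="C:\In\*.doc" OUTPUTFILE="C:\Out\" ENCRYPTUSING="KEYCONTAINER" KEYCONTAINERNAME="ExampleContainer" KEYCONTAINERLEVEL="USER" />
'''

if __name__ == "__main__":
    for step, attr, msg in audit(SAMPLE):
        print(f"step {step}: {attr}: {msg}")
```

Steps are numbered in the order the AMENCRYPT tags appear in the text, so a finding can be traced back to the task step that produced it.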