CMSENCRYPT        Encrypt a file using CMS

Top  Previous  Next

Syntax:

CMSENCRYPT

[ source file ] [ target file ] [  options ]

Arguments:

[ source file ]

A variable or string defining the file name of the file to encrypt with CMS. Wildcards are not permitted in [ source file ] or [ target file ].

 

[ target file ]

A variable or string defining the file name of the newly created CMS file; if the file existed, it will be overwritten. The target file must not be the same as the source file.

Options:

 

 

 

/cipher=xx

Specify the encryption cipher. The possible values are: DES3, AES192, AES256, CAMELLIA128, CAMELLIA192, CAMELLIA256

 

 

 

 

/encryptfor=xx

This option may be used to specify the recipients public key to encrypt the file with.

 

/signwith=xx

This option may be used to specify the private key to sign the file with.

 

This script command encrypts and/or digitally signs a file using the CMS format, which is also known as PKCS #7. Files may be decrypted and/or verified using the Robo-FTP CMSDECRYPT script command.

 

To encrypt a file, you must first import the X.509 SSL certificate of the recipient into Robo-FTP. Keys are imported by using the Import Certificate functionality in the Robo-FTP Configurator. All imported certificates are displayed in the Configurator on the SSL Certificates menu.

 

To sign a file, you must first import a SSL PKCS#12 (.pfx) certificate. You must send the public X.509 certificate (.cer or .pem) that corresponds to the one found in the PKCS#12 (.pfx) file and send it to your intended recipient. They will use the X.509 certificate to verify your signature.

 

The /encryptfor and /signwith options are used to specify the certificates used for encrypting and signing. The values passed to these options must be at least partial matches to either the "common name" or "email" fields as displayed in the SSL Certification Details dialog that appears after right clicking an SSL certificate in the SSL Certificates menu and choosing View Certificate Details.  Alternately, you can be more specific in selecting the appropriate certificate by providing both the "common name" and the "email" fields together in the keyspec, as follows: "My common name <[email protected]>".

 

You must specify a certificate with one or both of /encryptfor and /signwith. If there are no certificates specified with /encryptfor, the file will not be encrypted. If there are no certificates specified with /signwith, the file will not be signed. If neither are specified the command will error out.

 

Use the /cipher option to select the cipher used by Robo-FTP to encrypt a file. If left unspecified, the default cipher is AES256.  The available ciphers are: DES3, AES192, AES256, CAMELLIA128, CAMELLIA192, CAMELLIA256.

 

In the example below, a file is encrypted using a X.509 SSL certificate identified by a partial match on the "common name" field. Because no /signwith option is provided, the target file "datafile.txt.cms" does not contain a digital signature.

 

CMSENCRYPT "datafile.txt" "datafile.txt.cms" /encryptfor="Clark Kent"

 

In the following example, a file is encrypted using the same X.509 SSL certificate as above, and additionally, signed with a SSL PKCS#12 certificate identified by a keyspec that matches the "email" field on the latter certificate. The recipient will be able to use the signature to verify the sender.

 

CMSENCRYPT "datafile.txt" "datafile.txt.cms" /encryptfor="Clark Kent" /signwith="[email protected]"

 

In the following example, the file is encrypted and signed using the same certificates in the previous example, but with both keyspecs containing the "common name" and "email" fields found in their respective certificates. This provides for greater specificity when selecting the appropriate certificate:

 

CMSENCRYPT "datafile.txt" "datafile.txt.cms" /encryptfor="Clark Kent <[email protected]>" /signwith="Bruce Wayne <[email protected]>"

 

In the following example, the file is encrypted using the CAMELLIA256 cipher instead of the default AES256 cipher:

 

CMSENCRYPT "datafile.txt" "datafile.txt.cms" /encryptfor="Clark Kent <[email protected]>" /signwith="Bruce Wayne <[email protected]>" /cipher=CAMELLIA256

 

In the following example, the file is not encrypted at all and only signed with the sender's X.509 SSL certificate:

 

CMSENCRYPT "datafile.txt" "datafile.txt.cms /signwith="Bruce Wayne"

 

Related command(s): CMSDECRYPT

See also: SSL Certificates menu, Import Certificate