The procedure for enrypting/decrypting command input involves these commands:
The following topics describe how to use these commands:
The typical workflow for encrypting input and using it is shown below.
Prepare the input
Create the encrypted Input
Share the encrypted input
Share the encrypted input with trusted individuals who need to use it as part of their analysis.
Also share the encryption key with those individuals.
Use the encrypted input (in a new analysis)
Set the global encryption key using /DECRYPT,PASSWORD,Key2. Here
Key2
must match the encryption key value used on the /ENCRYPT command used to encrypt the data.Execute the input in Mechanical APDL.
(Optional) After you are done using the input, delete the global encryption key with the command /DECRYPT,PASSWORD,OFF
The following section describes these steps in detail.
Following are details of how to create and use an encrypted input file:
Before encrypting command input, first create the input and verify that it is valid and executes properly. If the input is for a macro, you would create and debug the macro as usual (see Creating a Macro).
Important: When you create encrypted command input or an encrypted macro, you are responsible for keeping the original source file. You cannot recreate the source file from an encrypted file.
You then add an /ENCRYPT command as the first and last lines of the command input (or macro). On the first line add:
/ENCRYPT,Key
,Fname
,Ext
where:
Key
is a the encryption key (32-character maximum).Fname
is the name of the encrypted file (including directory path).Ext
is an optional file extension for the encrypted file. If it is a macro and you want users to execute the macro as an unknown command, you should use the .mac extension.
Note the placement of /ENCRYPT at the top and bottom of the listing in the following macro file example:
/encrypt,mypasswd,macro/myenfile,mac /nopr /prep7 /view,,-1,-2,-3 block,,arg1,,arg2,,arg3 sphere,arg4 vsbv,1,2 finish /gopr /encrypt
The /ENCRYPT command at the top of the input instructs Mechanical APDL to encrypt the file and use the string "mypasswd" as the encryption key. It will create an encrypted macro file called myenfile.mac and place it in the /macro subdirectory of the current working directory. The /ENCRYPT command at the bottom instructs Mechanical APDL to stop the encryption process and write the encrypted macro to the specified file.
To further secure the information within your input, it is recommended you suppress writing of the decrypted input data to the output file (or window) by one of these methods:
Add a /NOPR command as the second line of the input to turn off echoing of Mechanical APDL commands to the output file. It is good practice to reactivate the printout by issuing the /GOPR command as the last command in the input before the ending /ENCRYPT command (as shown in the above example macro). Use of /NOPR is not recommended when the graphical user interface (GUI) is active (see /NOPR for details).
or
Use the /OUTPUT command at the beginning of the input to redirect the output to a scratch file (for example, /OUTPUT,scratch), and then delete the scratch file (/DELETE,scratch) and database file (/DELETE,
Jobname
,db) before ending the encryption. This method is more effective than the /NOPR method.
Important: There are no commands that can fully guarantee the input data is unrecoverable. Anyone who has the encryption key may be able to determine the commands that were issued. Therefore, only give the encryption key to people you trust.
After putting the /ENCRYPT commands at the top and bottom of the input, you can create the encrypted version by simply executing the command input through Mechanical APDL. The program creates the encrypted version with the name and location you specified by the /ENCRYPT command at the top of the input. The result should look something like this:
/DECRYPT,PASSWORD,OPENSSL \¢ŸŽÛ®6¾Â¦Æ—è|ã“ÐÎLåa“ýX†TýŠèFЕšà ßAÉ+‡^‰ÇýúpmN“½ \ýC¿íá1ŸÝªæäËÐF¹ ò(Öãè½Ð,½íæ:ã[`>v‰¾RÜM®’¹öųos 4 G$]}ü[i·ò…˜¿ß|JǧÍ>lÈ`ƒñ¸I,JgOŠ Ùí?ƒ÷¶Î¨rŒo{UF]=פE8*ÓN?{žéÓ¼ z†2ð>wŠÎÚ'ÏÄnïþYé|@˜7ä6Ñq§ÒŒªEÔÈ ¿4è#äùŒ¼uÍ|}7¢ÍNŠßž›l,ê§ÉŸ°£sU¾ «ÛŠœnÈVJëÀ?\'1T`GÕj=h†tkŠ{©ÿsˆÃ /DECRYPT
Note that the individual commands are now encrypted, and the encrypted information is enclosed by /DECRYPT commands. The /ENCRYPT command automatically inserts the appropriate commands: /DECRYPT,PASSWORD,OPENSSL on the first line, and /DECRYPT with no arguments on the last line.
At this point, you can share the encrypted command input or macro with trusted individuals. They will also need the encryption key you specified on the /ENCRYPT command.
Before executing the command input or macro within Mechanical APDL, set the global encryption key to the same value that was used to encrypt the input. To do so, issue the following command somewhere in your analysis input file or in the Command Input Window of the Mechanical APDL user interface:
/DECRYPT,PASSWORD,Key2
where Key2
is the encryption key you
entered on the /ENCRYPT command. You can now execute the
encrypted input by using the /INPUT command or the
*USE command.
For example, you run an encrypted macro just as you would any other macro (see APDL as a Macro Language for more information). Be sure to place the encrypted macro within the macro search path. If you choose to use the *USE command, it would look like this:
*USE,macro/myenfile.mac
Note: You will get an error if the key used for decryption doesn't match the encryption key or if the encrypted command input was modified after it was created.
When you are done using the encrypted input, you may choose to delete the current global encryption key by issuing the following command:
/DECRYPT,PASSWORD,OFF