7.2. Encrypting Material Data

Mechanical APDL provides two methods for encrypting material data in a database file:

  • One-level encryption requires you to set one global key (KeyA). All materials are encrypted with this one key. Anyone who knows and uses the global key to decrypt the database file has full access to all the material data in the database.

  • Two-level encryption requires you to set two keys: one for access control (KeyA) and one for encryption/decryption (KeyB). This enables you to control how much access others have to the data. You can also specify the materials you want to encrypt. If none are specified, all materials are encrypted by default.

For security reasons, decryption is disabled in user-linked versions of Mechanical APDL.

The procedure for encrypting/decrypting material data involves these commands:

/DBENCRYPT, KeyA, KeyB, DataType, NUM1, NUM2, INC
/DBDECRYPT, KeyA, KeyB, DataType, NUM1, NUM2, INC

7.2.1. Basic Workflow for Encrypting/Decrypting Material Data

The typical workflow for encryption and decryption is shown below.

  1. Encrypt the database file

    • Define all materials that are to be encrypted.

    • Decide if you need to use one-level or two-level encryption.

    • Issue /DBENCRYPT commands as needed to encrypt these materials before saving the database. One /DBENCRYPT command is sufficient for one-level encryption. More than one might be needed for two-level encryption with multiple materials.

    • Issue the SAVE command to save the database.

  2. Share the encrypted database file

    • Share the encrypted database file with trusted individuals who need to use it as part of their analysis.

    • Also share the encryption key (or keys) with those individuals.

  3. Resume the encrypted database file

    • Issue the necessary /DBDECRYPT commands with the appropriate encryption keys for each material before resuming the database. The number of /DBDECRYPT commands required and their format depend on whether one-level or two-level encryption was used, on how many materials were encrypted, and on whether they use the same encryption keys.

    • Issue the RESUME command to resume the database.

The following section describes these steps in detail.

7.2.2. How to Create and Use Encrypted Material Data

Based on your requirements, choose one of the following material encryption methods:

7.2.2.1. One-Level Encryption

For one-level encryption, use the /DBENCRYPT command to set one global key (KeyA). Set NUM1 = ALL (or leave NUM1, NUM2, and INC blank) to encrypt all materials with the same key:

/dbencrypt,mykey,,mat    ! KeyA = mykey, KeyB is blank. 
                         ! All materials are encrypted by default.
save                     ! Save Jobname.db

At this point, you can share the encrypted database and the encryption key with trusted individuals.

Before resuming the encrypted database file, those individuals must issue the /DBDECRYPT command to set the decryption key as shown below. This gives them full access to the database once it is resumed.

/dbdecrypt,mykey,,mat    ! KeyA = mykey, KeyB is blank.
resume                   ! Resume Jobname.db

Using different encryption keys for different materials with one-level encryption is not recommended, since the user must have all the encryption keys to decrypt the database. Therefore, there is no advantage to setting multiple encryption keys.

7.2.2.2. Two-Level Encryption

Two-level encryption involves both KeyA and KeyB on the /DBENCRYPT and /DBDECRYPT commands.

With this encryption method, you can give trusted individuals either partial or full access to the material data:

  • To give partial access, share only KeyB. The user can resume the database and can use the materials to solve the model, but they cannot look at the material data. (See Partial Access Limitations.)

  • To give full access, share KeyA and KeyB. The user can resume the database, solve the model, and look at the material data.

Encryption Step

Set both KeyA and KeyB for each material that needs to be encrypted.

The following example encrypts all materials with the same keys.

/DBENCRYPT,mykeyA,mykeyB,mat,all     ! Encrypt all materials with KeyA = mykeyA, KeyB = mykeyB.
save,case1                           ! Save case1.db

Alternatively, you can encrypt different materials with different KeyA values. It is recommended that you use the same KeyB value for all materials in the database file.

The following example assumes that 10 materials are defined. Materials 1 to 5 and materials 6 to 10 are encrypted with different KeyA values. The same KeyB value is used for all materials.

/dbencrypt,mykeyA1,mykeyB,mat,1,5,1    ! Materials 1 to 5 use mykeyA1 and mykeyB.
/dbencrypt,mykeyA2,mykeyB,mat,6,10,1   ! Materials 6 to 10 use mykeyA2 and mykeyB.
save,case2                             ! Save case2.db

After saving the case2.db file, you can share it and the keys with trusted individuals. You always need to share KeyB along with the database file so that others can decrypt the material data and use the database. Also share the KeyA values if you want others to see the material data.

Decryption Step

In the following example, the database file is resumed, and the user has full access to all 10 materials since they know the KeyA and KeyB values.

/dbdecrypt,mykeyA1,mykeyB,mat,1,5,1    ! Decrypt Materials 1 to 5 with full access
/dbdecrypt,mykeyA2,mykeyB,mat,6,10,1   ! Decrypt Materials 6 to 10 with full access
resume,case2                           ! Resume case2.db

If the user has KeyB but not both KeyA values, they can still resume the database, but they cannot unlock full access to all materials. The following command sequence shows that the user has full access to materials 6 to 10 but only partial access to materials 1 to 5.

/dbdecrypt,,mykeyB,mat,1,5,1           ! Partial access to materials 1 to 5
/dbdecrypt,mykeyA2,mykeyB,mat,6,10,1   ! Full access to materials 6 to 10
resume,case2                           ! Resume case2.db
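
The key-distribution logic of the case2 example can be planned per recipient before any keys are handed out. The following Python script is an added example, not part of the Ansys documentation: it builds the /dbencrypt lines for the owner and, for a recipient who holds KeyB and only some KeyA values, the /dbdecrypt lines together with the resulting access level for each material. The names Group, encrypt_commands and decrypt_commands are hypothetical, and the overlap check is an assumption of the example rather than a documented rule.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Group:
    """Materials NUM1..NUM2 (step INC) that share one KeyA."""
    key_a: str
    num1: int
    num2: int
    inc: int = 1

    def ids(self):
        return set(range(self.num1, self.num2 + 1, self.inc))

# Sample values taken from the case2 example on this page.
CASE2 = [Group("mykeyA1", 1, 5), Group("mykeyA2", 6, 10)]
KEY_B = "mykeyB"

def encrypt_commands(groups, key_b):
    """Owner side: one /dbencrypt line per group, same KeyB throughout."""
    seen = set()
    for g in groups:
        if seen & g.ids():
            # Assumption of this example: each material gets exactly one KeyA.
            raise ValueError(f"material range {g.num1}-{g.num2} overlaps another group")
        seen |= g.ids()
    return [f"/dbencrypt,{g.key_a},{key_b},mat,{g.num1},{g.num2},{g.inc}" for g in groups]

def decrypt_commands(groups, key_b, held_key_a):
    """Recipient side: returns (commands, access) for someone who holds KeyB
    and only the KeyA values in held_key_a. A blank KeyA field gives partial
    access (solve only); a matching KeyA gives full access."""
    commands, access = [], {}
    for g in groups:
        full = g.key_a in held_key_a
        key_a = g.key_a if full else ""
        commands.append(f"/dbdecrypt,{key_a},{key_b},mat,{g.num1},{g.num2},{g.inc}")
        for mat_id in sorted(g.ids()):
            access[mat_id] = "full" if full else "partial"
    return commands, access

if __name__ == "__main__":
    print("\n".join(encrypt_commands(CASE2, KEY_B)))
    cmds, access = decrypt_commands(CASE2, KEY_B, {"mykeyA2"})
    print("\n".join(cmds + ["resume,case2"]))
    print(access)
```

Reviewing the access map for each recipient before sharing shows exactly which KeyA values have to be withheld to keep a material at partial access.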

Partial Access Limitations

When a user has only partial access to a material, the following commands are ignored and return a warning:

CDWRITE (material data is skipped)

*GET (getting material data is blocked)

MPLIST, MPPLOT, MPWRITE

TBCOPY, TBFPLOT, TBLIST, TBPLOT