Secure Global Desktop Administration Guide > Commands > The tarantella security decryptkey command
tarantella security decryptkey --enckey enckeyfile --deckey deckeyfile [ --format PEM|DER ]
Decrypts an encrypted private key so that you can use it with Secure Global Desktop. This lets you use an X.509 certificate that you're already using with another product (a web server, for example) rather than obtaining a separate certificate for use exclusively with Secure Global Desktop.
Note You can only decrypt private keys that were originally encrypted by a product that uses SSLeay or OpenSSL certificate libraries.
See the tarantella security certuse
command for
information about how to share certificates in this way.
Argument | Description |
---|---|
--enckey enckeyfile |
Specifies the location of the encrypted private key that you want to decrypt. Only keys encrypted by a product that uses SSLeay or OpenSSL certificate libraries can be decrypted. |
--deckey deckeyfile |
Specifies a file where the decrypted key will be stored.
Note For security reasons, it is very important to restrict access to private keys, especially when stored in an unencrypted form. Access to private keys by unauthorized users can result in a serious security breach. Store private keys accordingly. |
--format PEM | DER |
Specifies the format in which the encrypted key is stored. Defaults to PEM. |
tarantella security decryptkey \ --enckey /opt/keys/key1 \ --deckey /opt/keys/key2 \ --format DER
Decrypts the key /opt/keys/key1
(which is stored in
DER format), placing the decrypted key in /opt/keys/key2
.
Copyright © 1997-2006 Sun Microsystems, Inc. All rights reserved.