Secure Global Desktop Administration Guide > Commands > The tarantella security decryptkey command

The tarantella security decryptkey command

Syntax

tarantella security decryptkey --enckey enckeyfile
                               --deckey deckeyfile
                               [ --format PEM|DER ]

Description

Decrypts an encrypted private key so that you can use it with Secure Global Desktop. This lets you use an X.509 certificate that you're already using with another product (a web server, for example) rather than obtaining a separate certificate for use exclusively with Secure Global Desktop.

Note You can only decrypt private keys that were originally encrypted by a product that uses SSLeay or OpenSSL certificate libraries.

See the tarantella security certuse command for information about how to share certificates in this way.

Argument Description
--enckey enckeyfile Specifies the location of the encrypted private key that you want to decrypt. Only keys encrypted by a product that uses SSLeay or OpenSSL certificate libraries can be decrypted.
--deckey deckeyfile Specifies a file where the decrypted key will be stored.

Note For security reasons, it is very important to restrict access to private keys, especially when stored in an unencrypted form. Access to private keys by unauthorized users can result in a serious security breach. Store private keys accordingly.

--format PEM | DER Specifies the format in which the encrypted key is stored. Defaults to PEM.

Examples

tarantella security decryptkey \
  --enckey /opt/keys/key1 \
  --deckey /opt/keys/key2 \
  --format DER

Decrypts the key /opt/keys/key1 (which is stored in DER format), placing the decrypted key in /opt/keys/key2.

Related topics