SAP Kernel RSecSSFx: Secure Storage in the File System

Usage: rsecssfx [command-independent arguments] <command> [command arguments] [optional command arguments]

Available commands are:

    help
        Print usage help

    put
        Put record into the secure storage

    get
        Get record from the secure storage

    remove
        Remove record from the secure storage

    list
        List all records in the secure storage

    info
        Provide information about configuration and key management

    removelock
        Remove file lock after crash

    compact
        Compact the secure storage (release space occupied by defunct records)

    changekey
        Change the encryption key of the secure storage

    migrate
        Migrates records that were inserted with a different encryption key and were not automatically re-encrypted

    register
        Register this instance for access to the encrypted key file

    version
        Show version information of RSecSSFx tool and RSecSSFs library

    generatekey
        Generate random key suitable for "changekey" command

    createdirectories
        Create directories used by the secure storage in the file system

    lpsKeySetupForStandaloneUsage
        Set up Key System for Standalone Usage (for demo only)

    lps
        Use of Enhanced Protection with Local Protected Storage (LPS)

    formalRegPwdCheck
        Check registration password for formal correctness

    query
        Technical API as machine-compatible alternative to "info" command


Call "rsecssfx help <command>" for command-specific help.

Command-independent arguments (that must appear before the command) are:

  pf=<profile>
    Specifies the profile from which required environment data is obtained
    (SAPSYSTEMNAME, rsec/ssfs_datapath, rsec/ssfs_keypath, rsec/ssfs_lkypath).
    This must be the first argument, if used. Observe syntax (equals sign, no dash or spaces).

  -trace <n>
    Sets trace level for "dev_rsecssfx.trc" file to <n> (0..3).
    When not set or set to 0, no trace file is created and tracing takes place for standard error stream with level 0.
    This will not produce trace output on a regular basis (this behavior cannot be guaranteed).

  -traceToStderr
    When set, traces are redirected to the standard error stream, even if "trace" is used with trace level > 0.

  -v
    Print version information in standardized way. This must be the only argument, if used.

  -noEnv
    Disables evaluation of shell environment (SAPSYSTEMNAME, RSEC_SSFS_DATAPATH, RSEC_SSFS_KEYPATH, RSEC_SSFS_LKYPATH)
    that will otherwise take precedence over the values in the profile.

  -noWrap
    The command line output of messages is wrapped after a line width of 72 characters
    to improve readability. It can be disabled using this flag.