fglpass

The fglpass tool allows you to encrypt passwords.

Syntax

fglpass [options]

options are described in fglpass options.

Options

Table 1. fglpass options
Command	Description
`-V`	Displays version information of the tool.
`-Vssl`	Displays OpenSSL version.
`-h`	Displays options for the tool.
`-e`	Encrypt the password with a RSA key or certificate and encode it in BASE64 form.
`-d`	Decode the BASE64 form of the password and decrypt it with a RSA private key.
`-w cert`	Windows® certificate name to encrypt the password (Windows only)
`-c cert`	File of the PEM-encoded certificate to encrypt the password.
`-k key`	File of the PEM-encoded private key to encrypt or decrypt the password.
`-enc64 file`	File to be BASE64 encoded (result to stdout)
`-dec64 file`	BASE64 encoded file to be decoded (result to stdout)
`-agent:port files`	Start password agent on specified port to serve the list of private key files.
`-gid`	When executing fglpass in agent mode (with `-agent` option), allows authentication to be performed for all users belonging to the group of current users executing the command. This option requires the FGLPROFILE entry `security.global.agent.gid=true` for fglrun.

Usage

The fglpass command line tool allows you to:

Encrypt a password using a RSA key or X.509 certificate and encode it in BASE64 form.
Run a password agent that returns (in a protected way) the passwords that grant access to the different private keys used in all your applications.
Encode a file in BASE64 form and decode it back.

For security reasons, it is recommended to avoid storing clear passwords in a file, or leave private keys unprotected without a password. The fglpass command can be used to encrypt passwords.