CPABE-ENC

NAME
SYNOPSIS
DESCRIPTION
EXAMPLES
POLICY LANGUAGE
REPORTING BUGS
SEE ALSO

NAME

cpabe-enc − manual page for cpabe-enc 0.9

SYNOPSIS

cpabe-enc [OPTION ...] PUB_KEY FILE [POLICY]

DESCRIPTION

Encrypt FILE under the decryption policy POLICY using public key PUB_KEY. The encrypted file will be written to FILE.cpabe unless the −o option is used. The original file will be removed. If POLICY is not specified, the policy will be read from stdin.

Mandatory arguments to long options are mandatory for short options too.
−h
, −−help

print this message

−v, −−version

print version information

−k, −−keep−input−file

don’t delete original file

−o, −−output FILE

write resulting key to FILE

−d, −−deterministic

use deterministic "random" numbers (only for debugging)

Parts Copyright (C) 2006, 2007 John Bethencourt and SRI International. This is free software released under the GPL, see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

EXAMPLES

A simple policy:

$ cpabe-enc pub_key security_report.pdf ’foo and (bar or bif)’

A complex policy specified on stdin:

$ cpabe-enc pub_key security_report.pdf
(sysadmin and (hire_date < 946702800 or security_team)) or
(business_staff and 2 of (exec_level >= 5#4, audit_group, strat_team))
^D

POLICY LANGUAGE

Policies are specified using simple expressions of the attributes given to cpabe-keygen (1). The most basic policy consists of a single such attribute. It will only match keys produced by giving that attribute (possibly among others) to cpabe-keygen (1).

Another type of policy consists of a comparison between an attribute name and a non-negative integer. The following comparisons are allowed: ‘<’, ‘>’, ‘<=’, ‘>=’, and ‘=’. In this case, the attribute used must be a numerical attribute and specified appropriately to cpabe-keygen (1) (see its man page for details). Note that a comparison with an explicit length integer (e.g., "exec_level >= 5#4") can only match an attribute with the same length (so "exec_level = 8#4" will match but "exec_level = 8#5" will not).

Policies of these two basic types may be combined using the the keywords ‘and’ and ‘or’ (which may not be used as attributes), as shown in the first example above. The ‘and’ operator has higher precedence than ‘or’, and parenthesis may be used to specify other groupings.

Policies may also be combined using a threshold gate operator, written as ‘K of (P1, P2, ... PN)’, where K is a positive integer less than or equal to N, and P1, ... PN are policies. Such a policy will only be satisfied by a key that satisfies at least K of the policies P1, ... PN. An example of the threshold gate operator is included as part of the policy in the second example above.

Note that attribute names are case sensitive and must begin with a letter, and the keywords ‘and’, ‘or’, and ‘of’ may not be used. Also, ‘&’ and ‘|’ are synonyms for ‘and’ and ‘or’.

REPORTING BUGS

Report bugs to John Bethencourt <bethenco@cs.berkeley.edu>.

SEE ALSO

cpabe-setup(1), cpabe-keygen(1), cpabe-dec(1)