Encryption

The aiguard encrypt [options] command is used to encrypt datasets and model scripts.

In the preceding command, [options] indicates the CLI options. For details about these options, see Table 1.

**Table 1** Parameter description
Parameter	Description
--input_path or -i	Mandatory. It indicates the path of the plaintext data to be encrypted. Data to be encrypted can be in the following types: Single file: File permission is 600 or 400. Single folder: Folder permission is 700 or 500, and the permissions on the files in the folder is 600, 500, or 400. All contents in the directory and its subdirectories in this path are encrypted. However, the total number of files to be encrypted at a time cannot exceed 2 x 10⁷. The size of a single file to be encrypted must be less than 10 GB. NOTE: Ensure that the owner group of the encryption/decryption tool is the same as that of the data to be encrypted and decrypted. After the encryption or decryption is complete, check whether the file permission meets the requirements.
--output_path or -o	Mandatory. It indicates the path for storing the encryption result. NOTE: The path cannot be a directory or subdirectory at the same level as --input/-i. Ensure that you have at least the 700 permission on the path.
--cipher_alg_id or -C	Optional. It specifies the encryption algorithm. The default value is 2. Options are: AES128_GCM = 0, AES192_GCM = 1, or AES256_GCM = 2.
--hmac_alg_id or -H	Optional. It indicates the data integrity check algorithm. The default value is 0. Options are: SHA256 = 0, SHA_384 = 1, or SHA_512 = 2.
--h or --help	Optional. It displays the help information.
-f or --key_file	Mandatory. It specifies the file path of the master key exported from AI-VAULT. The encryption password of the master key is required to set this parameter.
-e or --encrypt_tool	Optional. Encryption tool. 0 (default) indicates crypto_fs, and 1 indicates client_tool.

Parent topic: AI-GUARD Command Description