Crypto_fs Command Parameters

-V, --version

Version information.

-h, --help

Help information

-d, --log_level=<N>

Optional. 0: logs are not printed. 1: only ERROR logs are printed. 2: ERROR and WARN logs are printed. 3: ERROR, WARN, and INFO logs are printed. 4: ERROR, WARN, INFO, and Fuse debug logs are printed. The default value is 3.

-k, --kernel_cache

Optional. It caches files in the kernel based on the number of modification times.

-s, --single_thread

Optional. It disables multi-thread operations.

-m, --max_idle_threads=<N>

Optional. Maximum number of idle working threads. Value range: [1,256]. Default: 10.

-p, --python='app.py [params list]'

Mandatory. It specifies the Python script to be executed and its parameters. The Python script must be a ciphertext script.

-E, --encrypt_alg=<N>

Optional. Encryption algorithm used when the CFS creates a file. Default value: 2. N can be 0, 1, or 2.

• AES_128_GCM 0
• AES_192_GCM 1
• AES_256_GCM 2

-B, --block_size=<N>

Optional. It specifies the size of the ciphertext block when the CFS creates a file. Default value: 131072 (128 KB). The minimum value of N is 4096 (4 KB) and the maximum value is 5242880 (5 MB).

-A, --hmac_alg=<N>

Optional. It specifies the HMAC algorithm used when the CFS creates a file. Default value: 2. N can be 0, 1, or 2.

• HMAC_SHA_256 0
• HMAC_SHA_384 1
• HMAC_SHA_512 2

-K, --key_update_frequency=<N>

Optional. Data key update frequency. N indicates that N files use the same working key. Default value: 1. N ranges from 0 to 4294967295.

-t, --key_cache_time=<N>

Optional. Data key cache duration. Default value: 60. Value range: [0,60], in seconds.

-r, --retry_times=<N>

Optional. It specifies the number of retry times after KMSAgent fails to be accessed. Default value: 30. Value ranges from 0 to 4294967295. The value 0 indicates that the system retries until the access is successful.

--cert_file='file'

Mandatory. Certificate file used for two-way authenticated communication between CFS and KMSAgentTLS.

--pri_key_file='file'

Mandatory. Private key file used for two-way authenticated communication between CFS and KMSAgentTLS.

--ca_file='file'

Mandatory. CA certificate file used for two-way authenticated communication between CFS and KMSAgentTLS.

--crl_file='file'

Optional. CRL file used for two-way authenticated communication between CFS and KMSAgentTLS. The default value is empty.

--tls_version='string'

Optional. Version used for two-way authenticated communication between CFS and KMSAgentTLS. The value must be TLSv1.3.

--cipher_suite='string'

Optional. Cipher suite used for two-way authenticated communication between CFS and KMSAgentTLS. The default value is TLS_AES_256_GCM_SHA384.

--cert_check_period=<N>

Optional. Interval for checking the validity period of the CFS certificate, in days. The default value is 7. The value ranges from 7 to 180 and cannot exceed the value of cert_alarm_time.

--cert_alarm_time=<N>

Optional. Remaining validity period of the CFS certificate when the alarm is generated, in days. The default value is 30. The value ranges from 30 to 180 and must be greater than or equal to the value of cert_check_period.

--ip='ip_address'

Optional. It specifies the CFS connection IP address. The default value is determined by the network created by 1.

--port=<N>

Optional. It specifies the CFS connection port. The default value is 1024.

--run_log_path='log_path'

Optional. It specifies the path for printing CFS run logs. The default value is the current path.

--max_log_size=<N>

Optional. Maximum size of a CFS run log file, in bytes. The default value is 10485760. The value ranges from 512 to 20971520.

--max_log_file_num=<N>

Optional. It specifies the maximum number of CFS run logs. The value ranges from 1 to 20. The default value is 10.

--max_mem=<N>

Optional. It specifies the maximum memory threshold. The default value is 40.