This section is for system administrators, programmers and other advanced users.
AxCrypt may be called by other programs, or manually, by specifying command-line arguments. The general syntax is:
AxCrypt [-i [.ext] | p | u | x ] | [-b tag] [-f] [-c] [-g] [-n filename] [-m] [-e] [-a | -k "passphrase"] [-z | d | o | w | s | q | h | J file(s)] [-t [tag]] | file(s)
Except for -i -p -u -x, the options are interpreted sequentially and may occur multiple times if it makes sense.
The options and their meanings are:
| -i [.ext] | Install | Set all registry values to default. Set the extension to associate with AxCrypt - default is .axx. |
| -p | Psp test | Test for the need to install psapi.dll. Only relevant on NT. If return code is 0, no need. This is an installation helper function only. |
| -u | Uninstall | Clear all registry values. |
| -x | eXit | End the resident server process, if loaded. |
| -b tag | Batch id | Define a tag, or batch id, to be used with subsequent pass phrases. These pass phrases will only be used when the same tag is specified in future calls to AxCrypt. The batch id is a decimal non-zero positive 32-bit signed integer. Odd values are reserved for internal use. If no -b option is given, saved pass phrases are 'global'. All tagged pass phrases are saved until cleared with -t. |
| -f | Toggle Fast mode | Will modify certain operations to execute fast, rather than safe and/or secure. There is no guaranteed effect. Initially off. |
| -c | Toggle Copy-only flag | Causes subsequent -d and -z to retain the originals. May be combined with -f for fast copy without wiping of temporaries. Initially off. |
| -g | Toggle ignore encrypted flag | If set, attempted encryption of already encrypted files will do nothing. Initially off. |
| -n | Output Name | Defines a file name to be used as output instead of default for the next -z or -d. |
| -m | Toggle recurse flag | If set, causes subsequent wild card file names to search into sub-directories. Initially off. |
| -e | Encryption pass phrase definition | Subsequent -a or -k options on this invocation define the default encryption key instead of one of possibly many decryption keys. The -b option may be used to define pass phrases with limited context. |
| -a | Add pass phrase | Prompt for a pass phrase using the AxCrypt standard safe dialogues. -b and -e may be used as modifiers. |
| -k "pass phrase" | Cache pass phrase | Cache the given pass phrase, quotes are recommended. The pass phrase is case-sensitive. -b and -e may be used as modifiers. |
| -z | encrypt | Encrypt (and if useful compress) the given file(s) with either the current default encryption key, or with one that is prompted for. The originals are wiped. -b, -c, -g, -f and -n may be used as modifiers. |
| -J | self-decrypt encrypt | Encrypt (and if useful compress) and copy the given file(s) with either the current default encryption key, or with one that is prompted for to a self-decrypting executable archive. -b, -g and -n may be used as modifier. Default is to ignore files that already are self-decrypting. |
| -d | Decrypt | Decompress and decrypt the given file(s) with either a cached key, or with one that is prompted for. -b, -c, -f and -n may be used as modifiers. |
| -o | Open | Open the given file(s) with the appropriate application after temporary decryption and decompression. If they are modified after application exit, they are re-encrypted with the same pass phrase. -b may be used as modifier. |
| -w | Wipe | Wipe the given files and delete. Show a confirmation warning first. |
| -s | wipe Silent | Wipe the given files and delete, but do not ask for confirmation. |
| -q | Query pass phrase cache | Return exit code 0 if all files given have pass phrases in the cache already. -b may be used as modifier. |
| -h | Anonymous rename | Renames the given file(s) to anonymous names. The original names will be restored on decryption. |
| -t | Clear pass phrase cache | Clear the internal pass phrase cache. If -b is given, only pass phrases associated with that tag are affected, otherwise all are removed, tagged and un-tagged alike. |
If no options are given but just file(s), they are opened as with -o. Otherwise the most recent -z, -d, -c, -o, -w, -s or -h determines the operation performed on the file.
The first time AxCrypt is started, a server process is initiated which will run until terminated. It is within this process that the pass phrase cache is kept, in a secure manner.
All operations are 'waitable', and will return a non-zero exit code on error.
The 'flag' options are important to specify before the operations they intend to modify, parameters are parsed and executed sequentially as the appear on the command line. Only operating system restrictions on command line lengths limit the number of operations on a single line. If any operation returns an error, the rest of the command line is ignored, and that error is returned as exit code.
Standard wild cards are accepted for all file specifications, except for Open. If the recursion flag is enabled, sub-directories will be searched too.
If you need to do several operations, and keep them together, without
affecting the "global" pass phrase cache, use the -b option with an arbitrary
tag as described above. Deriving one from the time of day may be appropriate for
example. The -b option is valid over multiple calls to the server process, as
long as it is not restarted.