3.2.24 Execution procedure for encrypting and decrypting ABAQUS input data

Products: ABAQUS/Standard  ABAQUS/Explicit  

References

Overview

You can use the ABAQUS encryption utility to prevent the unauthorized use of ABAQUS input data. The utility converts a data file into an encrypted, password-protected format that only authorize ABAQUS input parties can access. The utility is intended for the encryption of data that you include by reference in input (.inp) files or in other data files. For example, you could encrypt a file that contains all of the proprietary material data for your model, then include the encrypted data file by reference in an unencrypted ABAQUS input file. See Including an encrypted data file” in “Defining a model in ABAQUS, Section 1.3.1, for information on how to include an encrypted data file in an ABAQUS input file.

You can encrypt any input file. However, ABAQUS cannot run an encrypted ABAQUS input file directly; the encrypted file must be included in an unencrypted file.

Specifying additional access levels and controls

You can customize your encryption so that only users with a license for a particular ABAQUS feature or from a particular site can include or decrypt the file. For example, you can specify that only ABAQUS/Standard users can access the file. You can also prevent decryption of an encrypted file by any user, regardless of their license and site; end users can still use the encrypted data in an analysis by including it by reference in an unencrypted ABAQUS input file, provided that the users know the encrypted file's password.

Security and support considerations

The intent of the ABAQUS encryption implementation is to prevent unauthorized use of encrypted input data, not to prevent disclosure of encrypted data to authorized users. Running an ABAQUS analysis input using encrypted data produces output and temporary files that are not encrypted. This approach means that recipients of encrypted data who satisfy the access criteria, such as the password, license feature or SiteID, will be able to reconstruct the input in unencrypted form. Providers of encrypted data should consider establishing contractual agreements to protect proprietary data. Users of encrypted data must accept responsibility for security of files produced from encrypted input and should consider restricting access to resulting analysis files.

ABAQUS technical support cannot retrieve lost passwords for encrypted data files. Users receiving encrypted data should contact the data provider for any technical support issues.

Adding comments to the header of an encrypted file

When you encrypt a file, ABAQUS adds the following unencrypted comment line to the beginning of the file:

** encrypted input
Do not modify or delete this header comment. You can, however, insert additional comment lines between this header comment and the first line of encrypted data. These post-encryption comment lines can describe the encrypted file's contents, provide version numbers, or display copyright and legal information about the encrypted data. For more information about comment line syntax, see Input syntax rules, Section 1.2.1.

You should not, however, add post-encryption comment lines within the lines of encrypted data. If you want to edit or amend the comment lines within the data itself, you must first decrypt the data.

Command summary

abaqus {encrypt | decrypt}
input=input-file-name
 
output=output-file-name
password=password
[license=feature_list]
[siteid=site-id_list]

Command line options

input

This option specifies the name of the data file that you want to encrypt or decrypt.

If you omit this option from the command line, ABAQUS will prompt you for its value.

output

This option specifies the name of the data file after encryption or decryption.

If you omit this option from the command line, ABAQUS will prompt you for its value.

password

This option specifies the password for this encryption or decryption. Passwords are case-sensitive.

If you omit this option from the command line while encrypting data, ABAQUS will prompt you for its value. If you enter the password incorrectly or omit it from the command line while decrypting data, ABAQUS reports that the input file is either corrupted or the password is incorrect.

license

This option applies only to file encryption.

This option specifies the ABAQUS feature or features for which end users must be licensed if they want to include or decrypt this encrypted data file. You can use a comma-separated list to allow access to the file by licensees of any one of a series of ABAQUS features.

Any feature name that appears in an ABAQUS license file is valid. These might include the following features: foundation, standard, explicit, design, aqua, ams, cae, viewer, cae_nogui, adams, cmold, moldflow, safe, cadporter_catia, cadporter_catiav5, cadporter_ideas, cadporter_parasolid, cadporter_proe, afcv5_structural, and afcv5_thermal.

siteid

This option applies only to file encryption.

This option specifies the ABAQUS Site ID or IDs where end users can include or decrypt this encrypted data file. You can use a comma-separated list to allow multiple sites access to the file. You can use this option only when you also use the license option.

To determine your ABAQUS Site ID, run abaqus whereami from a command prompt.

include_only

This option applies only to file encryption.

This option specifies that encrypted input data cannot be decrypted using the abaqus decrypt execution procedure; such data can only be included in an ABAQUS input file.

If you attempt to decrypt a file that was encrypted with the include_only option, ABAQUS issues an error message stating that the input file can be included in an analysis but is not eligible for decryption.

Examples

The following examples illustrate the different encryption methods that are possible using the encrypt execution procedure.

Creating encrypted files

In the simplest encryption scenario an ABAQUS user creates an encrypted copy of a file named material_data.inp, which contains all of the material data for a model, before sending the encrypted version to an authorized end user. Encryption prevents unauthorized users from accessing the encrypted file during its transmission. To create an encrypted copy of material_data.inp named material_data_enc.inp, issue the following command:

abaqus encrypt input=material_data.inp
   output=material_data_enc.inp password=e1No9c2z
Upon receiving the file, the end user can run the abaqus decrypt execution procedure to create a copy of the original, non-encrypted material data file. Because of the encryption options selected in this example, the end user requires only the encrypted file's password to decrypt it. To decrypt the encrypted data file material_data_enc.inp, producing the non-encrypted file material_data.inp, issue the following command:
abaqus decrypt input=material_data_enc.inp
   output=material_data.inp password=e1No9c2z
Alternatively, the end user can skip the decryption and run an analysis that includes the encrypted data by reference. To include the encrypted file by reference in an ABAQUS input file, add the following statement to the input file:
*INCLUDE, INPUT=material_data_enc.inp, PASSWORD=e1No9c2z

Limiting access to decrypted files by license feature or site ID

You can specify that end users cannot access the file unless they have a valid license for a particular ABAQUS feature, run ABAQUS at a particular site, or satisfy both of these criteria. To encrypt a data file that can be accessed only by users who have an ABAQUS/Explicit license and who run the software at site 09YYY, issue the following command:

abaqus encrypt input=material_data.inp
   output=material_data_enc.inp password=e1No9c2z 
   license=explicit siteid=09YYY
An end user can attempt to access the file material_data_enc.inp using the same decryption or inclusion syntax specified in the previous example. For this encrypted file, ABAQUS would validate that the end user has an ABAQUS/Explicit license and is running ABAQUS at site 09YYY before providing access to the file. If the end user's license or site settings do not match those specified during encryption, ABAQUS issues an error message that lists the licenses or sites that are required to access the file.

Creating encrypted files that must be included to be used by ABAQUS

You can use the include_only option to prevent end users from decrypting the file directly using abaqus decrypt. Authorized users can access a file encrypted with the include_only option by including the file by reference in an ABAQUS input file. After including the file in the analysis, authorized users will have access to some form of the encrypted data in the output and temporary files produced by the analysis. To create an encrypted file that is available only for inclusion by reference in other input files, issue the following command:

abaqus encrypt input=material_data.inp
   output=material_data_enc.inp password=e1No9c2z include_only
The resulting encrypted file can be included by reference in an ABAQUS input file using the same syntax as in the previous example. If you attempt to decrypt a file that was encrypted with the include_only option, ABAQUS returns an error message.