Skip to content

Egress procedure

In some cases, it may be necessary to decrypt several documents to recover their plain text version. For example, when you stop using Seald, or when you need to give an extract to an authority.

To do this, you must use the command line interface.

Prerequisites

To perform the procedure, you must:

  1. have a Seald command line interface, two choices are possible:
  • use Seald-CLI which runs exclusively on the command line;
  • use the command line interface integrated in the desktop application;
  1. ensure that it is linked to a Seald account that has the rights for the files to which the procedure is to be applied.

With Seald-CLI

Seald-CLI can be useful in programmatic use cases, an example of this is presented the guide explaing how to encrypt files on the fly in a folder.

Installation

To install Seald-CLI, you need NodeJS 14, downloadable at the following address: https://nodejs.org/en/download/. It is also possible to use a package manager such as homebrew on macOS, chocolatey on Windows or the integrated package manager or your Linux distribution (aptitude for Debian and Ubuntu for example).

  • If you use a proxy, you must configure npm to get through:
    • npm config set proxy "http://username:password@proxy:port"
    • npm config set http-proxy "http://username:password@proxy:port"
    • npm config set https-proxy "http://username:password@proxy:port"
  • npm install --global --production @seald-io/cli

Usage

You can only execute this command:

bash
$ seald <command>

In the following sections, we will take this convention.

With the desktop application

The desktop application has an embedded command line interface. Before you can use it, you need to have created an account, and the Seald desktop application must be closed.

For a detailed explanation on how to use the CLI on different operating systems, refer to its usage guide. In this case, replace the seald command in the following examples by the command corresponding to your operating system.

Online procedure

If you want to stop using Seald, you can simply decrypt all your files thanks to the command:

seald decrypt --input ENCRYPTED_FILE.seald

If you want to decrypt an entire folder, use :

seald decrypt --input ENCRYPTED_DIRECTORY --output DECRYPTED_DIRECTORY --recursive --retries 10

However, if Seald's servers are no longer available, you can follow the following procedure.

Offline procedure

If Seald's servers are no longer available, you can still decrypt the files opened by a Seald account using Seald-CLI, the database exports provided by Seald, and the key to that account. If you need these database export files, please do not hesitate to contact us at support@seald.io.

  • For each file to be decrypted: seald decrypt --input ENCRYPTED_FILE.seald --offline-database DATABASE_BACKUP.csv
  • Or for a whole file: seald decrypt --input ENCRYPTED_DIRECTORY --output DECRYPTED_DIRECTORY --recursive --offline-database DATABASE_BACKUP.csv

Please note that this will only work for encrypted files before the database export file used is created, and only for a user key created before this file. You cannot create a backup key and use it immediately with a pre-existing export file, only with subsequent exports. Nevertheless, it will work with a backup key that has been created previously but has just been installed.