Using KeyIDs for Encryption and Decryption

Once you have created KeyIDs in the Cloud VM Set as described in Creating KeyIDs with the CLI, you can use those KeyIDs to encrypt and decrypt files on any of the VMs in the set.

  1. Log into the VM that contains the files you want to copy.
  2. If desired, add the files into a single archive file.

  3. If you want to see the list of KeyIDs available in this Cloud VM Set, enter the command hcl keyid -l. For example:

    # hcl keyid -l
    Keyid          Algorithm    Description
    -----          ---------    -----------
    hq_key         AES-256      Secure exchange of HQ data
    sf_datacenter  AES-128      Key for the San Francisco datacenter

  4. Encrypt the files using the command hcl encryptfile -k keyid filename [encryptedfile], where:

    • keyid is the name of the KeyID that you want to use for encryption.
    • filename is the name of the file that you want to encrypt.
    • encryptedfile is the name of the output file that you want hcl to create. If you omit this option, the command writes the output to stdout.

    For example:

    # hcl encryptfile -k hq_key files.zip files.zip.enc

  5. Copy the encrypted files to any target VM that resides in the same Cloud VM Set.
  6. Log into the target VM as an Administrator.
  7. Decrypt the file on the target VM using the command hcl decryptfile encryptedfile [filename], where:

    • encryptedfile is the name of the encrypted file that you want hcl to decrypt. The encrypted file records the KeyID that was used during encryption, and hcl uses that KeyID to decrypt the file as long as the KeyID is part of the VM's Cloud VM Set.
    • filename is the name of the file to which hcl should write the decrypted output. If you omit this option, the command writes the output to stdout.

    For example:

    # hcl decryptfile files.zip.enc files.zip
    # unzip files.zip
    Archive:  files.zip
      inflating: file1
      inflating: file2
      inflating: file3
      inflating: file4
      inflating: file5
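
The procedure above as a pair of shell functions, added here as an example and not taken from the product documentation. It uses only the hcl commands shown on this page; the function names, the HCL override variable, the .enc/.sha256 file naming and the use of GNU sha256sum are assumptions. The checksum only detects a damaged or truncated copy.

```shell
#!/bin/sh
# Added example (not vendor code). HCL may be overridden, e.g. with a stub.
HCL="${HCL:-hcl}"

# keyid_algorithm KEYID
# Print the Algorithm column for KEYID from `hcl keyid -l`; return 1 if the
# KeyID is not listed for this Cloud VM Set.
keyid_algorithm() {
    "$HCL" keyid -l | awk -v id="$1" '
        NR > 2 && $1 == id { print $2; found = 1 }   # skip the 2 header lines
        END { exit(found ? 0 : 1) }'
}

# encrypt_for_transfer KEYID FILE  (run on the source VM)
# Writes FILE.enc and FILE.enc.sha256 next to FILE.
encrypt_for_transfer() {
    keyid=$1 src=$2 out="$2.enc"
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    alg=$(keyid_algorithm "$keyid") ||
        { echo "KeyID $keyid not in this Cloud VM Set" >&2; return 3; }
    echo "encrypting $src with $keyid ($alg)" >&2
    # Name the output file explicitly: without it hcl writes to stdout.
    "$HCL" encryptfile -k "$keyid" "$src" "$out" || return 4
    [ -s "$out" ] || { echo "no output written to $out" >&2; return 5; }
    (cd "$(dirname "$out")" && sha256sum "$(basename "$out")") > "$out.sha256"
}

# decrypt_after_transfer ENCFILE OUTFILE  (run on the target VM)
# Checks the copied file against ENCFILE.sha256 before decrypting.
decrypt_after_transfer() {
    enc=$1 out=$2
    (cd "$(dirname "$enc")" &&
        sha256sum -c "$(basename "$enc").sha256" >/dev/null) ||
        { echo "checksum mismatch for $enc" >&2; return 6; }
    "$HCL" decryptfile "$enc" "$out"
}
```

Copy both files.zip.enc and files.zip.enc.sha256 to the target VM before calling decrypt_after_transfer there.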