This section is for system administrators, programmers and other advanced users.

Legacy AxCrypt^[1] 1.x may be called by other programs, or manually, by specifying command-line arguments. The general syntax is:

AxCrypt [-i [.ext] | p | u | x ] | [-l] | [-V n] [-v n] [-b tag] [-f] [-c] [-g] [-n filename] [-m] [-e] [-a | -k "passphrase"] [-K folder | filename] [-O path2exe] [-z | d | o | w | s | q | h | J file(s)] [-t [tag]] | file(s)

Except for -i -p -u -x, the options are interpreted sequentially and may occur multiple times if it makes sense.

If no options are given but just file(s), they are opened as with -o. Otherwise the most recent -z, -d, -c, -o, -w, -s or -h determines the operation performed on the file.

The first time AxCrypt is started, a server process is initiated which will run until terminated. It's within this process that the pass phrase cache is kept, in a secure manner.

All operations are 'waitable', and will return a non-zero exit code on error.

The 'flag' options are important to specify before the operations they intend to modify, parameters are parsed and executed sequentially as the appear on the command line. Only operating system restrictions on command line lengths limit the number of operations on a single line. If any operation returns an error, the rest of the command line is ignored, and that error is returned as exit code.

Standard wild cards are accepted for all file specifications, except for Open. If the recursion flag is enabled, sub-directories will be searched too.

If you need to do several operations, and keep them together, without affecting the "global" pass phrase cache, use the -b option with an arbitrary tag as described above. Deriving one from the time of day may be appropriate for example. The -b option is valid over multiple calls to the server process, as long as it's not restarted.

To minimize the risk of a user entering a passphrase on one system, where it gets difficult to generate the same characters on another system with a different keyboard, certain characters from the ANSI set have been excluded. Also note that currently the passphrase dialog as such does not allow Unicode characters. The following are the legal characters:

<space>
!"#$%&'()*+,-./0123456789:;<=>?@
ABCDEFGHIJKLMNOPQRSTUVWXYZ [\] _abcdefghijklmnopqrstuvwxyz {|}
€ŠŒŽšœžŸ¡ ¢£¤¥§±¼½¾¿ ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏ ÐÑÒÓÔÕÖØÙÚÛÜÝ Þßàáâãäåæçèéêëìíîïð ñòóôõöøùúûüýþÿ

The full key is derived from the passphrase concatenated with the key-file (if any). From this it follows, that you can always create a key-file that contains all the necessary characters that make up a passphrase. In the key-file, there are no restrictions on the contents - it is interpreted as a binary sequence of bytes. If you use this for passphrase data, you must be aware of character encoding issues - a key-file stored in Unicode UTF-16 encoding will probably not work as expected...

As the command line is made for programmatic access, the usage is not really intuitive so here follows some examples which can be executed as a sequence, which assume that AxCrypt is installed in a typical standard location and that the current directory contains a file named secrets.txt (test this with non-vital data please):

@ECHO ON REM Encrypt secrets.txt with the given passphrase, but do not remember this passphrase
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" -b 2 -e -k "A Secret Phrase" -z secrets.txt

REM Decrypt secrets.txt, but prompt for the passphrase
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" -b 2 -d secrets-txt.axx

REM Clear the passphrase cache of the default phrase (and all other cached phrases) for batch id '2'
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" -b 2 -t

REM Load the passphrase cache with a default encryption phrase using the standard dialog
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" -e -a

REM Encrypt secrets.txt with the default encryption phrase just entered
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" -z secrets.txt

REM Decrypt secrets-txt.axx
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" -d secrets-txt.axx

REM Clear the passphrase cache of the default phrase (and all other cached phrases)
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" -t

REM Encrypt to a self-decrypting copy of the original and clear the cache
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" -b 2 -e -k "A Secret Phrase" -J secrets.txt

REM Encrypt and copy to a regular encrypted file, but keep the passphrase in the global cache
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" -e -k "Another Secret" -c -z secrets.txt

REM Shred the original with an interactive warning
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" -w secrets.txt

REM Shred the self-decryping file with no interactive warning
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" -s secrets-txt.exe

REM Open the file file with notepad or whatever is used for .txt-files
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" secrets-txt.axx

REM Decrypt back to secrets.txt, using the cached phrase
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" -d secrets-txt.axx

REM Clear the passphrase cache again
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" -t

REM Encrypt all files in the current and sub-directories, and do it fast but just deleting originals etc (i.e. faster)
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" -b 2 -e -k "A Third phrase" -m -f -z *.txt

REM Rename all just encrypted files to anonymous names
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" -m -h *.axx

REM Decrypt them all again, and clear the cache (batch id 2)
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" -b 2 -m -f -d *.axx -t

REM Request that the resident process ends itself, and exits
"%ProgramFiles%\Axon Data\AxCrypt\1.6.1\AxCrypt" -x

Please note that for the passphrase cache to work as implied above, you need to check the appropriate options for keeping the passphrase in the cache when the interactive dialog is displayed. Also please note that you may need to use Alt-Tab to find the passphrase dialog when this is run from a command line window due to Windows design constraints.