More complicated and powerful rules can be written to select files for encryption.
Wildcards
Wildcards allow groups of files to be selected for encryption simultaneously. Those available are:
... |
substitute for zero or more directory names |
* |
match parts of filenames |
? |
match single characters of filenames |
The basic syntax for using these characters may be gleaned from the following examples, which illustrate some of the possibilities offered.
The principles are similar to those used for excluding files from backup.
- To encrypt multiple files with a common component in their name, use the * and ? wildcards. The * matches any number of any character, and the ? matches any single character. Note that the * and ? wildcards do not alone represent a folder name. For example, to select for encryption any files whose names begin "encrypt" in the C:\data folder:
include.encrypt C:\data\encrypt*
- To encrypt a whole folder of files, use * to stand for every file. For instance, to encrypt every file within C:\data, no matter what its name:
include.encrypt C:\data\*
This will only select for encryption the files directly within C:\data, not any of the sub-folders, or their files, that might be within C:\data.
- To select numerous directories for encryption use the ... wildcard. Thus, to encrypt all the subdirectories and files that are within C:\data:
include.encrypt C:\data\...\*
Another use of this type of wildcard would be for encrypting files in a sub-directory no matter where it is located on C:. For example, to encrypt the files within a directory called personal wherever it is on C:
include.encrypt C:\...\personal\*
- To encrypt any files whose names begin with a variable single character then followed by _test.txt in the C:\data directory, use ?, as in:
include.encrypt C:\data\?_test.txt
- If you wish to encrypt the contents of, for example, 100 directories called data00, data01, data02 and so on up to data99 on the C: drive, then you can do either of the following:
include.encrypt C:\data*\*
include.encrypt C:\data??\*
exclude.encrypt
The second option is to use exclude.encrypt, which can be combined with include.encrypt and one or more of the wildcards. It is important to note that the list of includes and excludes is processed bottom up.
- The following example will encrypt all of the directory C:\data (but not its subdirectories), except the file donotencryptthis.txt:
exclude.encrypt c:\data\donotencryptthis.txt
include.encrypt c:\data\*
- To exclude the contents of a directory from encryption, but include the contents of all its subdirectories, use:
include.encrypt C:\data\...\*
exclude.encrypt C:\data\*
This will exclude any file in the C:\data directory but will include for encryption any file in any subdirectory under C:\data.
Note that the order is important. The exclude.encrypt directive must follow the include.encrypt directive in the configuration file, otherwise the former (exclude) rule will be ignored.
Interaction with other include-exclude rules
If you are using further rules in the configuration file to exclude data from backup, note that these are independent of the encryption rules. For example, if you are excluding everything from backup bar certain files (as per how to exclude everything from backup except a specific directory/folder), and wish to encrypt those files, then you will need both include.encrypt and include rules:
include.encrypt C:\data\...\*
exclude C:\...\*
include C:\data\...\*
Without the line include C:\data\...\*, all files would be excluded from backup. include.encrypt does not include files for backup, but only for encryption.