
Requirements for Data Encryption


This topic outlines the restrictions and requirements to bear in mind when encrypting data.

CAUTION:  Do not attempt to change the encryption key length after a Siebel environment has been set up and is running. To do so requires the regeneration of all keys (including the key file), as well as the re-encryption of all the applicable data. Rather, set the key length once during installation. You can, however, use the supported mechanisms to explicitly upgrade the encryption key lengths.

The following requirements exist for data encryption:

  • Because encryption and decryption have performance implications, encrypt only column data that is truly sensitive, such as credit card numbers and social security numbers.
  • Siebel Assignment Manager does not decrypt data before making assignments. Assignment rules must take this limitation into consideration.
  • When creating a link object to define a one-to-many relationship between a master business component and a detail business component, the source and destination fields specified in the link object definition must not be encrypted fields. If encrypted fields are specified, then the Siebel application cannot create the association between the two business components. For detailed information on configuring links, see Configuring Siebel Business Applications.
  • Data that is moved into or out of the Siebel database using Siebel EIM is not encrypted or decrypted by EIM.

    For additional information on encrypting EIM data after it is imported into an encrypted column, see Running the Encryption Upgrade Utility.

  • To configure 128-bit RC2 encryption (RC2 Encryptor) or any AES encryption option (AES Encryptor), you must use Siebel Strong Encryption Pack. 56-bit RC2 encryption is available for Siebel Business Applications by default.
  • Encrypted data is retrieved, decrypted, and displayed from the fields in the encrypted column when records are selected. Users can perform exact-match queries on the unencrypted values for these fields if you create a hash column to store the hash values. For information, see Configuring Encryption and Search on Encrypted Data.
  • You can only apply RC2 or AES encryption to data in database columns that are at least 32 bytes long. You cannot encrypt database columns of type VarChar that are less than 30 bytes long.
  • Encrypted data requires more storage space in the database than unencrypted data. You must specify an appropriate data length for the affected columns. Use the following formulae when you allocate storage space for encrypted data:
    • For ASCII characters, the column size must be: (number of characters × 2) + 10.
    • For non-English characters, the column size must be: (number of characters × 4) + 10.
    • If you create a Hash Column (to enable search on encrypted data), then specify VarChar as the physical type of the column. The column size must be at least 30 characters; this is a requirement for use of the RSA SHA-1 algorithm.
  • Field-level AES or RC2 encryption is not supported for Developer Web Clients.
  • Encryption is not supported for List of Values (LOV) columns or multilingual LOV (MLOV) columns.
  • Encryption is not supported for join columns or foreign key columns.
  • Encryption for a Mobile Web Client.

    Rather than encrypt data using AES or RC2 encryption, the local database is encrypted. For information about encrypting the local database, see Siebel Remote and Replication Manager Administration Guide. For information about configuring encryption when the Mobile Web Client's local database is synchronized, see Configuring Encryption for Mobile Web Client Synchronization.
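
The sizing and column-type requirements in the list above can be checked before a column is marked for encryption. The following is an added example, not Oracle code and not part of Siebel: the `Column` descriptor, its field names, the role labels and the sample columns are hypothetical and constructed, and the declared size is compared directly against the figures given on this page.

```python
from dataclasses import dataclass

# Figures taken from the requirements list above.
MIN_ENCRYPTED_BYTES = 32   # RC2/AES columns must be at least 32 bytes long
MIN_HASH_CHARS = 30        # hash column: VarChar, at least 30 characters
UNSUPPORTED_ROLES = {"lov", "mlov", "join", "foreign_key"}

@dataclass
class Column:              # hypothetical descriptor, not a Siebel repository object
    name: str
    physical_type: str     # e.g. "VarChar"
    size: int              # declared column size
    max_chars: int = 0     # longest plaintext value, in characters
    ascii_only: bool = True  # False if non-English characters can occur
    role: str = "data"     # "data", "hash", "lov", "mlov", "join", "foreign_key"

def required_size(max_chars, ascii_only):
    """Size for encrypted data: chars * 2 + 10 (ASCII) or chars * 4 + 10."""
    return max_chars * (2 if ascii_only else 4) + 10

def check(col):
    """Return the list of requirements that the column definition violates."""
    problems = []
    if col.role == "hash":
        if col.physical_type.lower() != "varchar":
            problems.append("hash column must be VarChar")
        if col.size < MIN_HASH_CHARS:
            problems.append(f"hash column needs at least {MIN_HASH_CHARS} characters")
        return problems
    if col.role in UNSUPPORTED_ROLES:
        problems.append(f"encryption is not supported for {col.role} columns")
        return problems
    # The formula and the 32-byte minimum both apply; the larger one wins.
    need = max(required_size(col.max_chars, col.ascii_only), MIN_ENCRYPTED_BYTES)
    if col.size < need:
        problems.append(f"size {col.size} is too small, need at least {need}")
    return problems

# Constructed sample definitions (names and sizes are illustrative only).
SAMPLE = [
    Column("CARD_NUM", "VarChar", 42, max_chars=16),
    Column("CARD_NUM_HASH", "VarChar", 20, role="hash"),
    Column("LEGAL_NAME", "VarChar", 100, max_chars=50, ascii_only=False),
    Column("STATUS_CD", "VarChar", 60, max_chars=20, role="lov"),
]

if __name__ == "__main__":
    for c in SAMPLE:
        print(c.name, check(c) or "ok")
```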

Siebel Security Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices.