Configuring Encryption and Search on Encrypted Data


This topic describes how to use Siebel Tools to enable encryption for a column in a database table and to enable search on the encrypted column.

NOTE:  You cannot encrypt columns in database tables without the assistance of Oracle's Application Expert Services. For help with encrypting a column in a database table, you must contact your Oracle sales representative for Oracle Advanced Customer Services to request assistance from Oracle's Application Expert Services.

You encrypt a column and its data by specifying values for certain parameters of the column in the database table. You can also enable search on the encrypted data by creating an additional column (hash column) that stores the result of applying the RSA SHA-1 algorithm to the plain text value of the encrypted data. Search can be case-sensitive or case-insensitive depending on how you configure search.

The following procedure describes how to encrypt data and, optionally, how to enable search on this data. Before carrying out the procedure, note the following points:

  • The encrypted column, hash column, and the column that stores the index number to the key file must come from the same database table.
  • You cannot encrypt a column that has a denormalized column, because this feature is not supported.

    For example, column NAME of account table S_ORG_EXT has a denormalized column, S_ACCNT_POSTN.ACCOUNT_NAME, so it cannot be encrypted.

  • The encrypted column and the hash column must be of type String (VARCHAR), while the column that stores the index number to the key file must be of type Integer.

    For more information on requirements for data encryption, see Requirements for Data Encryption.

To encrypt a column and enable search on the encrypted column in a database table

  1. Start Siebel Tools.
  2. Select the column in the database table that contains the data you want to encrypt.
  3. Add values to the following parameters of the column you selected in Step 2:
    • Computation Expression. Specify the algorithm to encrypt data in the column. Valid values are SiebelEncrypt.RC2 ([ColumnName]) or SiebelEncrypt.AES ([ColumnName]).

      For information on the Siebel AES and RC2 encryption options, see About Data Encryption. To implement AES, you must use the Siebel Strong Encryption Pack. For more information, see About the Siebel Strong Encryption Pack.

    • Encrypt Key Specifier. Specify the column that stores the index number to the key file.
  4. If you want to allow search on encrypted data, then create another column with a name of your choice or with the following name format:

    C_HASH_NAME

    where NAME is the name of the column you selected in Step 2.

    C_HASH_NAME stores the value that results from applying the RSA SHA-1 algorithm to the plain text values of the column you selected in Step 2.

    The following table lists the syntax for a number of encryption and search scenarios.

    Scenario: Encrypt data in column C_SSI using the RC2 algorithm.

    Enter these values:

    • For Computation Expression, enter:

      SiebelEncrypt.RC2 ([C_SSI])

    • For Encrypt Key Specifier, specify the column that stores the index key for the key file. For example:

      C_KeyIndex

    Scenario: Encrypt data in column C_SSI using the AES algorithm.

    Enter these values:

    • For Computation Expression, enter:

      SiebelEncrypt.AES ([C_SSI])

    • For Encrypt Key Specifier, specify the column that stores the index key for the key file. For example:

      C_KeyIndex

    Scenario: To enable case-sensitive search on the data that you encrypt in column C_SSI, you create an additional column C_HASH_SSI.

    Enter these values:

    Enter the following syntax in the field for the Computation Expression of column C_HASH_SSI:

    SiebelHash.SHA1 ([C_SSI])

    Scenario: To enable case-insensitive search on the data that you encrypt in column C_SSI, you create an additional column C_HASH_SSI.

    Enter these values:

    Enter the following syntax in the field for the Computation Expression of column C_HASH_SSI:

    SiebelHash.SHA1CI ([C_SSI])

    Now do one of the following:

    • If the column that you have enabled for encryption does not yet contain data, then there are no further steps to perform.
    • If the column that you have enabled for encryption does contain data, then proceed to Step 5.
  5. If the database column that you have enabled for encryption previously contained data, then run the Encryption Upgrade utility (encryptupg.exe) to encrypt the existing data and, if applicable, to create searchable hash values for the data.

    Encrypt existing data immediately after you configure a column for encryption. You can create searchable hash values for the column at a later time if you choose. For information on using the encryptupg.exe utility, see About Upgrading Data to a Higher Encryption Level.
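
The following sketch is an added example, not Oracle code or part of the original guide. It models how a hash column such as C_HASH_SSI supports search on an encrypted column: the search term is hashed and compared for equality with the stored hash, so the encrypted value is never decrypted during the lookup. The table S_DEMO, the ROW_ID column, the sample values, the UTF-8 and hex encoding, and the use of upper-casing for the case-insensitive variant are all assumptions made for illustration.

```python
import hashlib
import sqlite3

# Assumptions (not Siebel internals): UTF-8 input, hex digest output, and
# upper-casing as the case fold used by the case-insensitive variant.
def sha1_cs(plain: str) -> str:
    """Stand-in for SiebelHash.SHA1: case-sensitive hash of the plain text."""
    return hashlib.sha1(plain.encode("utf-8")).hexdigest()

def sha1_ci(plain: str) -> str:
    """Stand-in for SiebelHash.SHA1CI: fold case, then hash."""
    return hashlib.sha1(plain.upper().encode("utf-8")).hexdigest()

def build_table(rows, hash_fn):
    """Create a hypothetical demo table whose hash column is filled by hash_fn."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE S_DEMO (ROW_ID TEXT, C_SSI TEXT, "
               "C_KeyIndex INTEGER, C_HASH_SSI TEXT)")
    for row_id, plain in rows:
        # C_SSI holds an opaque placeholder: the search path never decrypts,
        # so real RC2/AES ciphertext is not needed for this demo.
        db.execute("INSERT INTO S_DEMO VALUES (?, ?, ?, ?)",
                   (row_id, "<ciphertext of " + row_id + ">", 1, hash_fn(plain)))
    return db

def search(db, hash_fn, term):
    """Equality search: hash the search term and compare it to the hash column."""
    cur = db.execute("SELECT ROW_ID FROM S_DEMO WHERE C_HASH_SSI = ? "
                     "ORDER BY ROW_ID", (hash_fn(term),))
    return [r[0] for r in cur]

# Constructed sample values, not real identifiers.
ROWS = [("1-A", "AB-123-xy"), ("1-B", "ab-123-XY"), ("1-C", "ZZ-999-qq")]

if __name__ == "__main__":
    cs, ci = build_table(ROWS, sha1_cs), build_table(ROWS, sha1_ci)
    print(search(cs, sha1_cs, "AB-123-xy"))   # exact-case match only
    print(search(ci, sha1_ci, "ab-123-xy"))   # matches both casings
    print(search(cs, sha1_cs, "AB-123"))      # prefix of a value: no match
```

Because the comparison is on whole-value hashes, only exact-match search is possible under this model. Equal plain text values also produce equal hash values, so access to the hash column deserves the same control as the encrypted column.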

Siebel Security Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved.