Siebel Security Guide > Communications and Data Encryption > Process of Upgrading Data to a Higher Encryption Level >

Modifying the Input File

Before upgrading to a higher encryption level, you must modify the encrypt_colums.inp input file to list every table column that you want to upgrade. The input file, encrypt_colums.inp, indicates the table and column that store the encrypted data, and the table and column that store the key index.

This task is a step in Process of Upgrading Data to a Higher Encryption Level.

The following procedure describes how to modify the input file.

To modify the encrypt_colums.inp file

1. Navigate to the SIEBEL_ROOT/ dbsrvr/bin directory where the input file is located.

   If you want to execute the Encryption Upgrade Utility from the command line, then place this file in the SIEBEL_ROOT/ siebsrvr/bin directory.

2. Using a text editor, edit the input file to include every column that you want to upgrade.

   The first line of the input file indicates a table name with brackets around it. On subsequent lines following the table name, list all the columns to be upgraded for that table.

   Each column that stores encrypted data requires a table column to store the key index, which is specified after the column name; for example:

   [TABLE_NAME]
   COLUMN_NAME TABLE_NAME_FOR_KEY COLUMN_NAME_FOR_KEY
WHERE clause

3. After each table, skip a line, and continue to list the columns for subsequent tables, as shown in the following example:

   [S_ORDER]
   CC_NUMBER S_ORDER CCNUM_ENCRPKEY_REF
   WHERE S.CC_NUMBER='1234567890'

   [S_DOC_ORDER]
   CC_NUMBER S_DOC_ORDER CCNUM_ENCRPKEY_REF
   WHERE S.CC_NUMBER='1231231231'

   [S_PER_PAY_PRFL]
   PAY_ACCNT_NUM S_PER_PAY_PRFL CCNUM_ENCRPKEY_REF
   WHERE S.CC_NUMBER='1231231231'

4. When you have added information for every table column that you want to upgrade, save the input file.

About Using the Where Clause and Flags in the Input File

On the line following the name of each column to be upgraded, you can optionally specify the WHERE clause, the N flag, and the H flag for the column:

• Use the WHERE clause if you want to partition the data to encrypt. Every column name that you specify for the WHERE clause must have the letter S added to the start of the column name. If you do not want to partition data, then omit the WHERE clause, as in the following example:

  [S_ORDER]
  CC_NUMBER S_ORDER CCNUM_ENCRPKEY_REF
  WHERE

• If you have imported data from EIM into an encrypted column, then use the WHERE clause to specify that only the unencrypted EIM records, that is, records where the value of the key index column is NULL, are to be encrypted. For example, the following entry is for a table named S_PER_PAY_PRFL. This table contains an encrypted column, PAY_ACCNT_NUM, which has a key index column, ENCRPKEY_REF:

  [S_PER_PAY_PRFL]
  PAY_ACCNT_NUM S_PER_PAY_PRFL CCNUM_ENCRPKEY_REF
  WHERE S.CCNUM_ENCRPKEY_REF IS NULL

• To support upgrade of non-encrypted fields to use encryption, add the letter N after the column name; for example:

  [S_NEW_TABLE]
  COLUMN_NAME S_NEW_TABLE NAME_KEY_INDEX
  N

• If you want to enable search on the upgraded encrypted column, then add the letter H to the end of the column; for example:

  [S_NEW_TABLE]
  COLUMN_NAME S_NEW_TABLE NAME_KEY_INDEX
  H

  This creates a hash column which stores the values that are returned when you apply the RSA SHA-1 algorithm to the plain text values of the encrypted column.

  If you want to enable search on an existing encrypted column, then add the following entry in the input file to create a column which stores the hash value of the plaintext in the encrypted column:

  [S_TABLE_NAME]
  COLUMN_NAME S_TABLE_NAME COLUMN_NAME_ENCRPKEY_REF H
  WHERE S.ROW_ID='123123'

  For information about search on encrypted data, see Configuring Encryption and Search on Encrypted Data.