Siebel Security Guide > Communications and Data Encryption > Managing the Key File Using the Key Database Manager >

Adding New Encryption Keys

You can add new encryption keys to the key file, keyfile.bin, which is located in the SIEBSRVR_ROOT/admin directory. The AES Encryptor uses the latest key in the key file to encrypt new data; existing data is decrypted using the original key that was used for encryption, even if a newer key is available. There is no limit to the number of encryption keys that you can store in the key file.

CAUTION:  You must back up the key file before making changes to it. If the key file is lost or damaged, then it is not possible to recover the encrypted data without a backup key file.

To add new encryption keys

1. Shut down any server components that are configured to use encryption.
2. From the SIEBSRVR_ROOT/bin directory, run Key Database Manager.

   For details, see Managing the Key File Using the Key Database Manager.

3. To add an encryption key to the key file, enter 2.
4. Enter some seed data to provide random data used in generating the new encryption key.

   The key must be at least seven characters and no more than 255 characters in length.

5. Exit the utility by entering 3.

   When exiting the Key Database Manager utility, monitor any error messages that are generated. If an error occurs, then you might have to restore the backup version of the key file.

6. Distribute the new key file by copying the file to the SIEBSRVR_ROOT/admin directory of all Siebel Servers in the Enterprise.

   CAUTION:  When copying the keyfile.bin file to Siebel Servers, take care that the file does not become damaged. If the key file is damaged, then it is not possible to recover encrypted data without a backup key file.

7. Restart any server components that were shut down in Step 1.

   For information on starting server components, see Siebel System Administration Guide.