Bookshelf Home | Contents | Index | PDF     

Security Guide for Siebel Business Applications > Communications and Data Encryption > Configuring Data Encryption >

Upgrading Encrypted Data to 56-bit RC2 Encryption

As of Release 7.5.x, the standard encryptor encryption method is no longer supported. If you are upgrading from Release 6.x or 7.0.x, you must upgrade to RC2 or AES encryption.

Data encrypted by the standard encryptor must be upgraded to the RC2 standard before it can be read by releases later than 7.0.x. Customers who want to upgrade from Release 6.x must first upgrade to Release 7.7 even if they want to upgrade to a release later than 7.7. Use the Encryption Upgrade utility (encryptupg.exe), located in the bin subdirectory of the Siebel Server directory, to upgrade unencrypted data, and data that was encrypted using the standard encryptor, to the RC2 encryption method.

This section describes how to upgrade to 56-bit RC2 encryption. If you want to upgrade to 128-bit RC2 encryption or AES encryption, see About Siebel Strong Encryption Pack.

CAUTION:  For encryption with Unicode, you must use either AES or RC2 encryption, rather than the Standard Encryptor, which is no longer supported.

Perform the following procedures to upgrade your encryption method:

Prerequisites for Upgrading to 56-bit RC2 Encryption

In order to upgrade to the RC2 encryption method, the following prerequisites must be fulfilled:

  • The Siebel Gateway Name Server and Siebel Server are installed.
  • The Siebel repository has been upgraded to the schema for the current release, so that a new column has been created to store the key index for the encrypted column.
  • If you created or customized columns to use the standard encryptor of Release 6.x or 7.0.x, for each encrypted column that you want to upgrade, you need to create a new column to store the key index.
  • Verify that column sizes for custom extension columns are large enough to hold the new RC2 values.
  • The key database (keyfile.bin) must already exist. (A default keyfile was created in the SIEBEL_ROOT/siebsrvr/admin directory when you installed the Siebel Server.)

Modifying the Input File

The input file encrypt_colums.inp indicates the table and column that store the encrypted data, and the table and column that store the key index. The input file is located in SIEBEL_ROOT/ dbsrvr/bin directory. If you wish to execute the Encryption Upgrade Utility from the command line, place this file in the SIEBEL_ROOT/ siebsrvr/bin directory.

The input file must include every column that you want to upgrade. The first line of the input file indicates a table name with brackets around it. The table name should be followed on subsequent lines by all the columns to be upgraded for that table. Each column that stores encrypted data requires a table column to store the key index, which is specified after the column name; for example:

[TABLE_NAME]
COLUMN_NAME TABLE_NAME_FOR_KEY COLUMN_NAME_FOR_KEY

After each table, skip a line, and continue with subsequent tables. Here is a sample input file:

[S_ORDER]
CC_NUMBER S_ORDER CCNUM_ENCRPKEY_REF

[S_DOC_ORDER]
CC_NUMBER S_DOC_ORDER CCNUM_ENCRPKEY_REF

[S_PER_PAY_PRFL]
PAY_ACCNT_NUM S_PER_PAY_PRFL CCNUM_ENCRPKEY_REF

To support upgrade of non-encrypted fields to RC2 encryption, add the letter N to the end of the column; for example:

[S_NEW_TABLE]
COLUMN_NAME S_NEW_TABLE NAME_KEY_INDEX N

Converting Encrypted Data to 56-bit RC2 Encryption

Follow the instructions below to convert data encrypted using the standard encryptor to 56-bit RC2 encryption.

NOTE:  The Encryption Upgrade utility writes output to its own log file which is located in the log subdirectory of your Siebel Server directory. The default filename for the log file is encryptupg.log. You can specify another filename for the log file as described by the following procedure.

To convert to 56-bit RC2 encryption

  1. Verify that the input file encrypt_colums.inp includes all the columns that you want to upgrade. If necessary, review Modifying the Input File.
  2. Run encryptupg.exe to convert to 56-bit RC2 encryption.

    From SIEBEL_ROOT\siebsrvr\bin, enter the following command:

    encryptupg.exe /f FromEncrytionStrength /t ToEncryptionStrength /j InputFileName /l Language /u UserName /p Password /c ConfigurationFile /L LogFile

    where:

    • FromEncrytionStrength is the encryption strength that you want to upgrade from. The following table describes valid parameters to enter in this command.
      Parameter
      Description

      NONE

      Unencrypted data.

      STAND

      Data encrypted by the Siebel Standard Encryptor. This encryption is no longer supported.
    • ToEncryptionStrength is the encryption strength that you want to upgrade to. Enter RC2 to upgrade to RC2 encryption.
    • InputFileName is the filename of your input file (the default is encrypt_columns.inp).
    • Language is the language code. To specify U.S. English, enter ENU.
    • UserName is the user name for the database.
    • Password is the password for the database.
    • ConfigurationFile is the application configuration file where you specify the data source for the Encryption Upgrade utility to retrieve data from.
    • LogFile is the log file that the Encryption Upgrade utility writes to. By default it is encryptupg.log.

      For example, the following command allows a Siebel administrator to upgrade data encrypted using the standard encryptor of releases prior to 7.5.x to RC2 encryption:

    encryptupg /f STAND /t RC2 /j d:\sea78\siebsrvr\bin\encryptupg.inp /l ENU /u sadmin /p dbpw /c d:\sea78\siebsrvr\bin\enu\siebel.cfg

  3. After the upgrade is complete, make sure that business components that contain encrypted fields specify the value for the RC2 encryption method in their user properties. For more information, see Setting Encryption User Properties.
  4. Compile a new Siebel repository file (.SRF). For more information on how to compile a.SRF file, see the Upgrade Guide for the operating system you are using.
    
Security Guide for Siebel Business Applications