Security Guide for Siebel Business Applications, Communications and Data Encryption

Configuring Data Encryption

You can encrypt sensitive data in the Siebel Database, such as customer credit card numbers, using the encryption alternatives provided by Siebel Systems. Standard Siebel Business Applications provide 56-bit RC2 encryption for data in the Siebel Database; a 56-bit key space is within reach of brute-force search, so treat this as a minimum rather than as strong protection. If you require stronger encryption, see About Siebel Strong Encryption Pack. If you are upgrading from Release 6.x or 7.0.x, which used the mangle algorithm encryption method (the standard encryptor), see Upgrading Encrypted Data to 56-bit RC2 Encryption for how to move your data to RC2 encryption with a 56-bit key.

About Siebel Strong Encryption Pack

More secure encryption alternatives are provided with the Siebel Strong Encryption Pack, which includes:
AES encryption and RC2 encryption are provided as Siebel business services. You configure AES or RC2 encryption for business component fields using Siebel Tools. For details, see Configuring Business Component Encryption.

The Siebel Strong Encryption Pack is available from Siebel Systems on separate distribution media and requires a separate installation into your existing Siebel Server environment. For information on how to obtain the Siebel Strong Encryption Pack, see Technical Note 566 on Siebel SupportWeb.

CAUTION: If you are upgrading your encryption level, read Upgrade Issues for Data Encryption before you install the Siebel Strong Encryption Pack.

How Data Encryption Works

When encryption is enabled for a business component field, unencrypted data from the field is sent through the specified encryptor (the AES Encryptor or the RC2 Encryptor). The encryptor encrypts the data using an encryption key stored in the keyfile. After the data is encrypted, it is sent back to the business component field to be stored in the database. When a user accesses this data, the encrypted data is sent through the encryptor again to be decrypted. The data is decrypted using the same key from the keyfile that was used for encryption. The decrypted data is then sent back to the business component field to be displayed in the application.

The keyfile stores a number of encryption keys that encrypt and decrypt data. The keyfile is named keyfile.bin and is located in the admin subdirectory of the Siebel Server directory. Additional encryption keys can be added to the keyfile. For security, the keyfile itself is encrypted using a key generated from the keyfile password. To generate a new key for encrypting the keyfile, change the keyfile password; this re-encrypts the keyfile only and does not re-encrypt the field data protected by the keys inside it.

CAUTION: Loss of the keyfile password is irrecoverable. Without the password the keyfile cannot be decrypted, and any data encrypted with the keys it holds cannot be decrypted either. Back up keyfile.bin and keep the password in escrow as part of your disaster-recovery procedure.

The rest of this section describes how to use the Key Database Manager utility to add encryption keys and to change the keyfile password.
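The two-layer structure above (field keys held in a keyfile, the keyfile sealed under a key derived from its password) is worth seeing end to end. The following Python is an added illustration written for this page, not Siebel's own code, and it makes some assumptions: the cipher is an HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag, standing in for AES/RC2 because the Python standard library has no block cipher; the keyfile key is derived with PBKDF2, which the page does not specify; and each stored value carries the index of the keyfile entry that encrypted it, which is how this model (not necessarily Siebel's on-disk format) lets rows encrypted under older keys still decrypt after new keys are added. The sample credit card number is a constructed test value.

```python
"""Model of a Siebel-style keyfile: several field-encryption keys kept in one
file, the file itself sealed under a key derived from the keyfile password.
Added example for this page; assumptions are marked in comments."""
import hashlib
import hmac
import json
import os
import struct

PBKDF2_ROUNDS = 200_000  # assumption: the page does not say how Siebel derives the keyfile key


def _subkeys(key: bytes):
    """Derive independent encryption and MAC keys from one keyfile entry."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream.
    Stand-in for AES/RC2 (assumption): the point here is key handling, not the cipher."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + struct.pack(">I", block_no), hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a fresh random nonce: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or tampered data raises."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < 48:
        raise ValueError("truncated blob")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key/password or tampered data")
    return _keystream_xor(enc_key, nonce, ct)


class KeyFile:
    """In-memory view of keyfile.bin: a numbered list of field-encryption keys."""

    def __init__(self, keys=None):
        self.keys = list(keys or [])  # list index doubles as the key identifier

    def add_key(self, length: int = 32) -> int:
        """Append a new random key and return its identifier."""
        self.keys.append(os.urandom(length))
        return len(self.keys) - 1

    @staticmethod
    def _wrap_key(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def save(self, password: str) -> bytes:
        """Serialize and seal the whole keyfile under the password-derived key."""
        salt = os.urandom(16)
        body = json.dumps([k.hex() for k in self.keys]).encode()
        return salt + seal(self._wrap_key(password, salt), body)

    @classmethod
    def load(cls, blob: bytes, password: str) -> "KeyFile":
        """Open a sealed keyfile; raises ValueError if the password is wrong."""
        salt, sealed = blob[:16], blob[16:]
        body = unseal(cls._wrap_key(password, salt), sealed)
        return cls(bytes.fromhex(h) for h in json.loads(body))


def encrypt_field(kf: KeyFile, key_id: int, value: str) -> str:
    """Value as stored in the column: "<key_id>:<hex>" (key-id prefix is an assumption)."""
    return f"{key_id}:{seal(kf.keys[key_id], value.encode()).hex()}"


def decrypt_field(kf: KeyFile, token: str) -> str:
    key_id, hexblob = token.split(":", 1)
    return unseal(kf.keys[int(key_id)], bytes.fromhex(hexblob)).decode()


def demo():
    """Encrypt a row, add a key, change the keyfile password, check the old row
    still decrypts, and show that the wrong password makes the keyfile unusable."""
    kf = KeyFile()
    k0 = kf.add_key()
    token = encrypt_field(kf, k0, "4111111111111111")  # constructed sample value
    blob = kf.save("keyfile-password")
    kf2 = KeyFile.load(blob, "keyfile-password")
    k1 = kf2.add_key()                     # new key for future rows
    blob2 = kf2.save("new-keyfile-password")  # password change: keyfile re-sealed, rows untouched
    kf3 = KeyFile.load(blob2, "new-keyfile-password")
    old_row_ok = decrypt_field(kf3, token) == "4111111111111111"
    new_row_ok = decrypt_field(kf3, encrypt_field(kf3, k1, "5555444433332222")) == "5555444433332222"
    try:
        KeyFile.load(blob2, "guessed-wrong")
        lost_password_detected = False
    except ValueError:
        lost_password_detected = True      # without the password nothing is recoverable
    return old_row_ok, new_row_ok, lost_password_detected, len(kf3.keys)


if __name__ == "__main__":
    print(demo())
```

The demo walks the lifecycle the page describes: rows encrypted under key 0 keep decrypting after key 1 is added and after the keyfile password is changed, because the password only re-seals the keyfile; the final step is the caution about the lost password, where the wrong password fails the keyfile's authentication tag and the keys inside it are gone with it.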
Requirements for Data Encryption

Encrypting field data is subject to the following restrictions and requirements.

CAUTION: Do not attempt to change the encryption key length once a Siebel environment is set up and running. Doing so would require regenerating all keys (including the keyfile) and re-encrypting all applicable data. Instead, set the key length once during installation. You can, however, use the supported mechanisms to explicitly upgrade your encryption key lengths.