
How Data Encryption Works

When encryption is enabled for a column in a database table, unencrypted data from all the fields in this column is sent through the specified encryptor (that is, the AES Encryptor or RC2 Encryptor). The encryptor encrypts the data using an encryption key stored in the key file.

After the data is encrypted, it is sent back to the database. When a user accesses this data, the encrypted data is sent through the encryptor again to be decrypted. The data is decrypted using the same encryption key from the key file that was used for encryption. The decrypted data is then sent to the business component field to be displayed in the application. For information on configuring encryption for a database column, see Configuring Encryption and Search on Encrypted Data.

The key file stores a number of encryption keys that encrypt and decrypt data. The key file is named keyfile.bin and is located in the admin subdirectory of the Siebel Server directory. Additional encryption keys can be added to the key file. For security, this file is encrypted with the key file password. For information on using the Key Database Manager utility to add encryption keys and change the key file password, see Managing the Key File Using the Key Database Manager.

NOTE: If the key file password is lost, it cannot be recovered.
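Because every encrypted column depends on keyfile.bin, its file-system protection is worth checking alongside the key file password. The following is an added example for UNIX or Linux hosts, not part of the Siebel documentation or tooling; the function name `audit_keyfile` and the Siebel Server directory passed to it are assumptions, while the file name and `admin` location are as stated above.

```shell
# Added example: audit on-disk protection of the Siebel key file.
# Usage: audit_keyfile <siebel_server_dir>
#   <siebel_server_dir> is supplied by the caller (assumption, site-specific).
# Returns 0 = ok, 1 = weak permissions, 2 = key file missing or not a plain file.
audit_keyfile() {
    root=$1
    kf="$root/admin/keyfile.bin"   # name and location as given in the guide
    rc=0

    # A symlink could redirect the server to a different key file.
    if [ -L "$kf" ]; then
        echo "FAIL: $kf is a symbolic link"
        return 2
    fi
    if [ ! -f "$kf" ]; then
        echo "FAIL: $kf not found or not a regular file"
        return 2
    fi

    # Mode string looks like -rw-------; characters 5-10 are group/other bits.
    mode=$(ls -ld "$kf" | cut -c1-10)
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $kf mode $mode grants group/other access"
        rc=1
    fi

    # A world-writable admin directory lets any local user replace the file.
    dmode=$(ls -ld "$root/admin" | cut -c1-10)
    if [ "$(printf '%s' "$dmode" | cut -c9)" = "w" ]; then
        echo "FAIL: $root/admin mode $dmode is world-writable"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $kf mode $mode"
    return "$rc"
}
```

Run it as the account that owns the Siebel Server installation, for example from a scheduled configuration check.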

Siebel Security Guide Copyright © 2011, Oracle and/or its affiliates. All rights reserved.