Requirements for Data Encryption
Encrypting data is subject to the following restrictions and requirements:
CAUTION: Do not attempt to change the encryption key length after a Siebel environment has been set up and is running. Doing so requires the regeneration of all keys (including the key file), as well as the reencryption of all the applicable data. Instead, set the key length once during installation. You can, however, use the supported mechanisms to explicitly upgrade the encryption key lengths.
- Because encryption and decryption have performance implications, encrypt only column data that is truly sensitive, such as credit card numbers and social security numbers.
- Siebel Assignment Manager does not decrypt data before making assignments. Assignment rules must take this limitation into consideration.
- When creating a link object to define a one-to-many relationship between a master business component and a detail business component, the source and destination fields specified in the link object definition must not be encrypted fields. If encrypted fields are specified, Siebel Business Applications cannot create the association between the two business components. For detailed information on configuring links, see Configuring Siebel Business Applications.
- Data that is moved into or out of the Siebel database using Siebel EIM will not be encrypted or decrypted by EIM.
- To configure 128-bit RC2 encryption (RC2 Encryptor) or any AES encryption option (AES Encryptor), you must have first installed the Siebel Strong Encryption Pack. 56-bit RC2 encryption is available for Siebel Business Applications without the Strong Encryption Pack.
- Encrypted data is retrieved, decrypted, and displayed from the fields in the encrypted column when records are selected. Users can perform exact-match queries on the unencrypted values for these fields if you create a hash column to store the hash values as described in Configuring Encryption and Search on Encrypted Data.
- You can only apply RC2 or AES encryption to data in database columns that are at least 32 bytes long. You cannot encrypt database columns of type VarChar that are less than 30 bytes long.
- Encrypted data requires more storage space in the database than unencrypted data. You must specify appropriate data length for the affected columns. Use the following formulae when you allocate storage space for encrypted data:
  - For ASCII characters, the column size must be: (number of characters * 2) + 10.
  - For non-English characters, the column size must be: (number of characters * 4) + 10.
- If you create a Hash Column (to enable search on encrypted data), specify VarChar as the physical type of the column. The column size must be at least 30 characters; this is a requirement for use of the RSA SHA-1 algorithm.
- Field-level AES or RC2 encryption is not supported for Developer Web Clients.
- Encryption is not supported for List of Values (LOV) columns or multilingual LOV (MLOV) columns.
- Encryption for a Mobile Web Client. Data is not encrypted using AES or RC2 encryption; rather, the local database is encrypted. For information about encrypting the local database, see Siebel Remote and Replication Manager Administration Guide. For information about configuring encryption when the Mobile Web Client's local database is synchronized, see Configuring Encryption for Mobile Web Client Synchronization.
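
The sizing and eligibility rules in the list above can be checked before a schema change is made. The following Python sketch is an added example, not Oracle code or a Siebel utility; the `Column` fields, the sample column names, and the treatment of the declared size as a single number are assumptions made for illustration.

```python
from dataclasses import dataclass
MIN_ENCRYPTED_BYTES = 32  # minimum column length for RC2 or AES encryption
MIN_HASH_CHARS = 30       # minimum hash column size (SHA-1 requirement)

@dataclass
class Column:
    name: str
    physical_type: str           # e.g. "VarChar"
    size: int                    # declared column size
    max_chars: int = 0           # longest plaintext value expected
    non_english: bool = False    # values may contain non-English characters
    role: str = "encrypted"      # "encrypted" or "hash"
    is_lov: bool = False         # LOV or MLOV column
    is_link_field: bool = False  # source or destination field of a link object

def required_size(max_chars, non_english):
    # Storage formula: (chars * 2) + 10 for ASCII, (chars * 4) + 10 otherwise.
    return max_chars * (4 if non_english else 2) + 10

def check(col):
    # Return the list of requirement violations for one planned column.
    problems = []
    if col.role == "hash":
        if col.physical_type.lower() != "varchar":
            problems.append("hash column must be VarChar")
        if col.size < MIN_HASH_CHARS:
            problems.append(f"hash column needs at least {MIN_HASH_CHARS} characters")
        return problems
    if col.is_lov:
        problems.append("LOV/MLOV columns cannot be encrypted")
    if col.is_link_field:
        problems.append("link source/destination fields must not be encrypted")
    if col.size < MIN_ENCRYPTED_BYTES:
        problems.append(f"column shorter than {MIN_ENCRYPTED_BYTES} bytes")
    need = required_size(col.max_chars, col.non_english)
    if col.size < need:
        problems.append(f"size {col.size} < required {need}")
    return problems

# Constructed sample plan; the column names are hypothetical.
PLAN = [
    Column("CC_NUMBER", "VarChar", 42, max_chars=16),
    Column("NATIONAL_ID", "VarChar", 40, max_chars=11, non_english=True),
    Column("CC_NUMBER_HASH", "VarChar", 28, role="hash"),
    Column("STATUS_CD", "VarChar", 30, max_chars=10, is_lov=True),
]

def audit(plan):
    return {c.name: check(c) for c in plan if check(c)}
```

Calling `audit(PLAN)` returns only the columns that break a rule, so an empty result means the plan meets every requirement the sketch covers.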