Encryption User Properties
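Encryption of business component fields can be controlled using the following field user properties, which are described in subsequent topics:
- Encrypted
- Encrypt Key Field
- Encrypt Service Name
- Encrypt ReadOnly Field
- Encrypt Source Field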
For more information on setting up and upgrading encryption, see Siebel Security Guide. For more information on encryption keys and how they are managed, see Siebel System Administration Guide.
A field is encrypted by setting the encryption flag, identifying the encryption service, and specifying the encryption key to be used. Siebel Business Applications come preconfigured with two business services that you can use to encrypt data fields: the Advanced Encryption Standard (AES) Encryptor and the RC2 Encryptor, based on RSA encryption.
NOTE: You must run upgrade scripts to change the encryption of a field by any of the following:
- Use the RSA or AES encryptor service on a field that was previously unencrypted or that was encrypted using the Standard Encryptor (no longer supported).
- Use a stronger version of RC2 encryption than was previously used on the field.
For more information, see the upgrade guide for the operating system you are using.
When encryption is turned on, data written to the field is in the encrypted format and data read from the field is decrypted. Therefore, all business component fields that are mapped to the same database column must also have encryption turned on with consistent user property specifications. For information about turning on field level encryption, see Siebel Security Guide.
You can turn off encryption on a field by setting the field's Encrypted user property to N.
NOTE: Credit Card Number fields are commonly encrypted. However, in the Order Entry -- Orders, Quote, and Agreements business components screens, it may be desirable to turn off the encryption in particular credit card number fields so that the user can see what was typed.
Encrypted
This user property allows you to specify whether a field is encrypted.
| Value | The value of the Encrypted user property must be either Y or N. |
| Usage | Turn on encryption on the field by setting this user property to Y and by setting the Encrypt Service Name and Encrypt Key Field user properties. See also Siebel Security Guide. You can turn off encryption on the field by setting this user property to N. |
| Parent Object Type | Field |
| Functional Area | Encryption |
Encrypt Key Field
This user property allows you to specify which encryption key to use.
| Value | The value of this user property is the name of the field on the business component that contains the encryption key index. |
| Usage | The keyfile.bin file in the \Siebel_Root\Admin directory contains indexed encryption keys. The Encrypt Key Field user property specifies the field on the business component that contains the numbered encryption key index to use to decrypt the parent field. For example, in the Quote business component, the Credit Card Number field is an encrypted field that contains credit card numbers. The Credit Card Number Key Index field contains the index of the encryption key that is used to decrypt the Credit Card Number field. Thus on the Credit Card Number field the Encrypt Key Field user property is set with a value of Credit Card Number Key Index. |
| Parent Object Type | Field |
| Functional Area | Encryption |
Encrypt Service Name
This user property allows you to specify the encryption service name.
| Value | RC2 Encryptor, AES Encryptor |
| Usage | Set this user property on an encrypted field to specify which embedded encryption service to apply. |
| Parent Object Type | Field |
| Functional Area | Encryption |
Encrypt ReadOnly Field
This field user property allows you to set an encrypted field to read-only if its decryption fails.
| Value | The value of this user property is the name of a calculated field on the business component whose Calculated Value property is left blank. |
| Usage | The calculated field that is specified by this user property determines whether the data in the encrypted field is set to read-only. Preserving the data in read-only form may allow someone to recover it later without the data being further modified. The calculated field can assume the following values: Y if decryption fails on the encrypted field (the encrypted field is automatically set to read-only); N if decryption succeeds on the encrypted field (the encrypted field is editable). For example, in the Quote business component, the encrypted Credit Card Number field has the Encrypt ReadOnly Field user property set to the calculated field Credit Card Number - Read Only. |
| Parent Object Type | Field |
| Functional Area | Encryption |
Encrypt Source Field
This field user property allows you to display a masked version of secure data, typically a credit card number or account number.
| Value | The value of the Encrypt Source Field user property is the name of a field on the business component that contains the encrypted credit card number or account number. |
| Usage | This user property is used with the Display Mask Char user property to display only the last 4 digits of a credit card number or account number, such as xxxxxxxxxxxx9999. This user property is set on a separate calculated field that is displayed in the UI instead of the field containing the entire credit card number or account number. For example, in the Quote business component, the Credit Card Number field is the encrypted field that stores the credit card number. The Credit Card Number - Display field is a calculated field on which the following user properties are set: Display Mask Char with a value of x; Encrypt Source Field with a value of Credit Card Number. The applet field that displays the masked credit card number must reference the Credit Card Number - Display field. See also Display Mask Char. |
| Parent Object Type | Field |
| Functional Area | Encryption |
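The rules stated in these topics can be checked mechanically before a configuration is deployed. The following lint is an added example, not Siebel or Oracle code: the `fld` export layout, the `T_EXAMPLE` column names and the `Quote Copy` business component are assumptions, and "consistent" is interpreted here as the same Encrypted flag and Encrypt Service Name on every field that shares a column.

```python
from collections import defaultdict
SERVICES = {"RC2 Encryptor", "AES Encryptor"}  # the two services this page lists

def fld(bc, name, column=None, calculated=False, calc_value="", uprops=None):
    # One row of a hypothetical repository export; this layout is an assumption.
    return dict(bc=bc, name=name, column=column, calculated=calculated,
                calc_value=calc_value, uprops=uprops or {})

def signature(f):  # effective setting compared across fields sharing a column
    up = f["uprops"]
    return ("Y", up.get("Encrypt Service Name")) if up.get("Encrypted") == "Y" else ("N",)

def lint(fields):
    """Return sorted findings for fields that break the rules described above."""
    by_name = {(f["bc"], f["name"]): f for f in fields}
    by_column, out = defaultdict(list), []
    for f in fields:
        up, where = f["uprops"], f'{f["bc"]}.{f["name"]}'
        by_column[f["column"]].append(f)
        if up.get("Encrypted", "N") not in ("Y", "N"):
            out.append(f"{where}: Encrypted must be Y or N")
        if up.get("Encrypted") == "Y":
            if up.get("Encrypt Service Name") not in SERVICES:
                out.append(f"{where}: missing or unknown Encrypt Service Name")
            if (f["bc"], up.get("Encrypt Key Field")) not in by_name:
                out.append(f"{where}: Encrypt Key Field does not name a field")
        if "Encrypt ReadOnly Field" in up:
            ro = by_name.get((f["bc"], up["Encrypt ReadOnly Field"]))
            if not (ro and ro["calculated"] and not ro["calc_value"]):
                out.append(f"{where}: Encrypt ReadOnly Field needs a blank calculated field")
        if "Encrypt Source Field" in up and "Display Mask Char" not in up:
            out.append(f"{where}: Encrypt Source Field without Display Mask Char")
    for column, group in by_column.items():  # column None = calculated fields
        if column and len({signature(g) for g in group}) > 1:
            out.append(f"{column}: fields sharing this column disagree on encryption")
    return sorted(out)

CC = {"Encrypted": "Y", "Encrypt Service Name": "AES Encryptor",
      "Encrypt Key Field": "Credit Card Number Key Index",
      "Encrypt ReadOnly Field": "Credit Card Number - Read Only"}
SAMPLE = [  # constructed sample: T_EXAMPLE columns and "Quote Copy" are invented
    fld("Quote", "Credit Card Number", "T_EXAMPLE.CC_NUM", uprops=CC),
    fld("Quote", "Credit Card Number Key Index", "T_EXAMPLE.CC_KEY_IDX"),
    fld("Quote", "Credit Card Number - Read Only", calculated=True),
    fld("Quote", "Credit Card Number - Display", calculated=True,
        uprops={"Display Mask Char": "x", "Encrypt Source Field": "Credit Card Number"}),
    fld("Quote Copy", "Card Number", "T_EXAMPLE.CC_NUM",
        uprops={"Encrypted": "Y", "Encrypt Service Name": "Standard Encryptor"}),
]
print("\n".join(lint(SAMPLE)))
```

The first four sample rows reproduce the Quote configuration described in the topics above and produce no findings; the fifth row shares a column with the encrypted field but names the unsupported Standard Encryptor and no key field.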