Bookshelf Home | Contents | Index | Search | PDF |
Upgrade Guide for UNIX > Postupgrade Tasks >
Upgrading to RC2 Encryption
Release 7.5 delivers a new default encryption method based on the RC2 standard. The previous default encryption method (the Release 6.x or 7.x standard encryptor) is no longer supported, and data that used the standard encryptor cannot be read by 7.5 applications unless you upgrade your encryption method to RC2. Use the Encryption Upgrade Utility to convert unencrypted data and data that was encrypted using the standard encryptor to the RC2 encryption method.
CAUTION: Using a non-RC2 encryption method in a Unicode environment results in irrecoverable data loss.
Perform the following procedures to upgrade your encryption method:
- Verify that all prerequisites are met. See Prerequisites for Upgrading to RC2 Encryption.
- Make sure that the input file includes every column that you want to upgrade. See Modifying the Input File.
- If you customized business component fields to use the old encryption method, verify that you have the correct user property definitions. See Changing User Properties.
- Run
keydbmgr.exe
to change the password or add a new key to the database. See Changing the Password or Adding a New Key to a Database.- Determine which encryption you are going to use: 128-bit or 56-bit encryption.
- If you are upgrading to 128-bit encryption, follow the instructions for upgrading to 128-bit encryption, To upgrade to 128-bit encryption (for the Strong Encryption Pack) and then continue with the upgrade to 56-bit encryption.
- If you are upgrading to 56-bit encryption, see To upgrade to 56-bit encryption.
Prerequisites for Upgrading to RC2 Encryption
In order to upgrade to the RC2 encryption method, the following prerequisites must be fulfilled:
- The Siebel Gateway and Siebel Server are installed.
- The repository has been upgraded to the Release 7.5 schema, so that a new column has been created to store the key index for the encrypted column.
- If you created or customized columns to use the old encryption method (the standard encryptor), for each encrypted column that you want to upgrade, you need to create a new column to store the key index.
- If you have custom extension columns and you used the old encryption method (the standard encryptor), for each encrypted column that you want to upgrade, you need to
- Verify that column sizes for custom extension columns are large enough to hold the new RC2 values.
NOTE: If you encounter the error, "ORA-01401: inserted value too large for column," then you need to increase your column sizes.
- The key database (
keyfile.bin
) must already exist. (A default keyfile was created in the$SIEBEL_ROOT
/siebsrvr/admin
directory when you installed the Siebel Server.)- The password must be stored in the database.
Modifying the Input File
The input file
encrypt_colums.inp
indicates the table and column that store the encrypted data, and the table and column that store the key index. The input file is located in$SIEBEL_ROOT
/ dbsrvr/bin
directory. If you wish to execute the utility from the command line, place this file in the$SIEBEL_ROOT
/ siebsrvr//bin
directory.The input file must include every column that you want to upgrade. The first line of the input file indicates a table name with brackets around it. The table name should be followed on subsequent lines by all the columns to be upgraded for that table. Each column requires a table column to store the key index, so this is specified after the column name; for example:
[
TABLE_NAME
]COLUMN_NAME TABLE_NAME_FOR_KEY COLUMN_NAME_FOR_KEY
After each table, skip a line, and continue with subsequent tables. Here is a sample input file:
[S_ORDER]
CC_NUMBER S_ORDER CCNUM_ENCRPKEY_REF[S_DOC_ORDER]
CC_NUMBER S_DOC_ORDER CCNUM_ENCRPKEY_REF[S_PER_PAY_PRFL]
PAY_ACCNT_NUM S_PER_PAY_PRFL CCNUM_ENCRPKEY_REFTo support upgrade of non-encrypted field to RC2 encryption, add the letter
N
to the end of the column; for example:[S_NEW_TABLE]
NAME S_NEW_TABLE NAME_KEY_INDEX NChanging User Properties
If you customized business component fields to use the old encryption method (the standard encryptor), make sure that your custom buscomp field user properties are defined with the values provided in the table below. (An example is provided for the Quote business component.)
NOTE: By default, data encrypted using the old encryption method uses
ROW_ID
as the Encrypt Key Field. You may need to create a calculated field on each business component for the Encrypt Read Only Field.
Changing the Password or Adding a New Key to a Database
If you need to change the password or add a new key to your database, perform the following steps.
To change the password or add a new key
- Run
keydbmgr.exe
to change the password or add a new key to your database.
From$SIEBEL_ROOT
/siebsrvr/bin
, enter the following command:
keydbmgr.exe
/UUSERNAME
/PPASSWORD
/CCONFIGURATION_FILE_NAME
/LLANGUAGE
USERNAME
= user namePASSWORD
= passwordCONFIGURATION_FILE_NAME
= name of the configuration file (the default issiebel.cfg
). Make sure that the configuration file is pointing to the correct database.LANGUAGE
= The base language for your installation (the default isenu
)
keydbmgr.exe /u sadmin
/pPASSWORD
/c siebel.cfg /l enuNOTE: Use the default password
kdbpass
to log in and change the password.Upgrading Your Encryption Method
Follow the instructions below for the encryption you are going to use: 56-bit encryption or 128-bit encryption.
- If you purchased the Strong Encryption Pack for 128-bit encryption, follow the instructions, To upgrade to 128-bit encryption (for the Strong Encryption Pack), and then continue with the upgrade to 56-bit encryption.
NOTE: Verify encryption requirements and constraints for your deployment before you upgrade your encryption to 128-bit.
- If you perform the standard encryption upgrade to 56-bit encryption, skip the upgrade to 128-bit encryption, and go directly to the instructions To upgrade to 56-bit encryption.
To upgrade to 128-bit encryption (for the Strong Encryption Pack)
- Backup your existing keyfile.
- Run the keydbmgr.exe utility to change the keyfile password. See Changing the Password or Adding a New Key to a Database.
- Install the Strong Encryption Pack that you purchased separately.
- Run
keydbupgrade.exe
to upgrade to 128-bit encryption.
From$SIEBEL_ROOT
/siebsrvr/bin
,enter the following command:
keydbupgrade.exe /U
USERNAME
/PPASSWORD
/CCONFIGURATION_FILE_NAME
/LLANGUAGE
- Continue by upgrading to 56-bit encryption. See To upgrade to 56-bit encryption.
- Use
srvrmgr
to updateentparam
in the Siebel Gateway:- Restart the server.
- Repeat these steps on each machine that has an existing Strong Encryption Pack installed.
To upgrade to 56-bit encryption
- Verify that the input file
encrypt_colums.inp
includes all columns that you want to upgrade. If necessary, review Modifying the Input File.- Run
encryptupg.exe
to upgrade to 56-bit encryption.
From$SIEBEL_ROOT
/siebsrvr/bin
,enter the following command:
encryptupg.exe /U
USERNAME
/PPASSWORD
/CODBC_CONNECT_STRING
/D
TABLEOWNER
/J
INPUT_FILE
/N "REPOSITORY_NAME"
/KKEY_FILE_NAME
/L
LOG_FILE
USERNAME
= user name for the databasePASSWORD
= password for the databaseODBC_CONNECT_STRING
= ODBC connect string for the databaseTABLEOWNER
= tableowner for the databaseINPUT_FILE
= name of your input file
(The default name isencrypt_columns.inp
.)"REPOSITORY_NAME"
= name of the repository entered in quotation marks
(The default name isSiebel Repository
.)KEY_FILE_NAME
= absolute path to the key file
(The default location issiebsrvr\admin\keyfile.bin
.)LOG_FILE
= name of the log file
(The default name isencryptupg.log
.)NOTE: If you have custom encrypted fields, you can validate that all business component fields are pointing to the same column by appending the command with "
/v y
".For example,
encryptupg.exe /UUSERNAME
/P
PASSWORD
/C
ODBC_CONNECT_STRING
/D
TABLEOWNER
/J
INPUT_FILE
/N
REPOSITORY_NAME
/K
KEY_FILE_NAME
/L
LOG_FILE
/v y
But, some business components may not use the same column intentionally.- Repeat Step 2,
encryptupg.exe
, for each additional database. For each database, use the appropriate user name, password, ODBC connect string, and tableowner.- After the upgrade is complete, compile a new Siebel repository file. See Producing a New Custom Configuration File.
Troubleshooting the Upgrade to RC2 Encryption
If you fail to change user properties, you may get one or more of the following repository validation error messages. Examples of possible errors and sample remedies are provided below:
- Possible Error: Validation failed for Personal Payment Profile buscomp, Account Number field does not have field user property Encrypt Key Field defined or activated.
Sample Fix: Go to the Personal Payment Profile business component, Account Number field, and verify that the following field user properties exist:
- Possible Error: Validation failed for S_PER_PAY_PRFL table, PAY_ACCNT_NUM column. User properties for Personal Payment Profile buscomp, Account Number field does not match FS Invoice buscomp, Credit Card Number field.
Sample Fix: Go to FS Invoice buscomp, Credit Card Number field and make sure the three required field user properties match the ones in Personal Payment Profile buscomp, Account Number field.
- Possible Error: Validation failed. Personal Payment Profile buscomp, Payment Key Index index field's table and column name does not match FS Invoice buscomp, Credit Card Key Index index field.
Sample Fix: Go to the Personal Payment Profile buscomp, and make sure that the Payment Key Index field points to the same column as the Credit Card Key Index field in the FS Invoice buscomp.
Bookshelf Home | Contents | Index | Search | PDF |
Upgrade Guide for UNIX Published: 20 October 2003 |