Bookshelf v8.1/8.2: Increasing the Encryption Level

Increasing the Encryption Level

This topic describes how to upgrade Siebel Business Applications to 128-bit, 192-bit, or 256-bit encryption.

You can upgrade the key database file to use a level of encryption greater than 56-bit RC2 encryption provided you have implemented the Siebel Strong Encryption Pack as described in Implementing the Siebel Strong Encryption Pack. Table 8 shows the supported data encryption upgrade scenarios.

Table 8. Supported Encryption Upgrade Scenarios
Encryption Level to Upgrade from	Upgrade to 128-bit RC2 Encryption	Upgrade to 128-bit AES Encryption	Upgrade to 192-bit AES Encryption	Upgrade to 256-bit AES Encryption
No encryption	Yes	Yes	Yes	Yes
Standard Encryptor encryption	Yes	Yes	Yes	Yes
56-bit RC2 encryption	Yes	Yes	Yes	Yes
128-bit RC2 encryption	Not Applicable	Yes	Yes	Yes
128-bit AES encryption	Not Applicable	Not Applicable	Yes	Yes
192-bit AES encryption	Not Applicable	Not Applicable	Not Applicable	Yes

The following procedure describes how you upgrade the key database file to use a higher level of encryption.

To upgrade the key database file to use a higher level of encryption

Implement the Siebel Strong Encryption Pack as described in Implementing the Siebel Strong Encryption Pack.

Make sure that the Siebel Gateway Name Server and Siebel Servers within the Siebel Enterprise are running.

On the Siebel Server where the Siebel Strong Encryption Pack files are located, open a command-line window and navigate to the following directory:

SIEBEL_ROOT\siebsrvr\bin

Execute the appropriate command:

On Windows:

keydbupgrade.exe /u db_username /p db_password /l language /c config_file

On UNIX:

keydbupgrade /u db_username /p db_password /l language /c config_file

The following table describes the flags and parameters for the keydbupgrade command.


Flag	Parameter	Description
`/u`	db_username	User name for the database user
`/p`	db_password	Password for the database user
`/l`	language	Language type
`/c`	config_file	Full path to the application configuration file, such as siebel.cfg for Siebel Sales

When prompted, enter the key length you are upgrading from. If you have not implemented encryption before, then select 56-bit encryption.

Select the key length to upgrade to.

Enter the key database manager password.

The utility upgrades the encryption level to the level you specified in Step 6. For information about the key database manager password, see Managing the Key File Using the Key Database Manager.

To verify that the encryption level has been upgraded, note if the timestamp for keyfile.bin matches the time when you executed the keydbupgrade utility.

After you verify that the encryption level has been upgraded, perform the following tasks in the order listed:

Add a new encryption key.
For information, see Adding New Encryption Keys.
Change the Siebel administrator password so that it is reencrypted using the new encryption algorithm provided by the Siebel Strong Encryption Pack. For information on this task, refer to one of the following topics:
- Changing System Administrator Passwords on Microsoft Windows. After changing the password, delete the Siebel Server system service and re-create it using the new password.
- Changing the Siebel Administrator Password on UNIX
Reencrypt Gateway Name Server parameters that are encrypted in the siebns.dat file.
For information, see Reencrypting Password Parameters in the Siebns.dat File.

Distribute the key file (keyfile.bin) that contains the increased encryption level to the other Siebel Servers in your Siebel Enterprise. Place it in the same directory on each Siebel Server, that is:

SIEBEL_ROOT\siebsrvr\admin\

Upgrade existing encrypted data to use the new encryption level.

For information on this task, see About Upgrading Data to a Higher Encryption Level.

Siebel Security Guide		Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices.