
Specifying Encryption for Fields


This topic describes user properties that handle encryption.

Overview of Encryption User Properties

Siebel CRM comes predefined with the following business services that it uses to encrypt data fields according to RSA (Rivest Shamir Adleman) encryption:

  • Advanced Encryption Standard (AES) Encryptor
  • RC2 Encryptor

To encrypt a field, you set the encryption flag, identify the encryption service, and specify the encryption key. To disable encryption on a field, you set the Encrypted user property of the field to N.

If encryption is enabled, then Siebel CRM writes data to the field in the encrypted format and reads decrypted data from the field. Encryption must be enabled for each business component field that Siebel CRM maps to the same database column, and the user property specifications for these objects must be consistent.

Siebel CRM typically encrypts credit card number fields. However, it might be necessary for you to disable encryption in these fields in the following screens so that the user can view this information:

  • Order Entry -- Orders
  • Quote
  • Agreements

For more information about setting up or upgrading encryption, see Siebel Security Guide. For more information about encryption keys and how to manage them, see Siebel System Administration Guide.

Upgrading Encryption

To do one of the following, you must run an upgrade script that modifies the encryption for the field:

  • Use the RSA or AES encryptor service on a field that Siebel CRM previously did not encrypt or that the Standard Encryptor encrypted. Siebel CRM no longer supports Standard Encryptor.
  • Use a stronger version of RC2 encryption than Siebel CRM previously used on the field.

For more information, see the upgrade guide for the operating system you are using.

Enabling Encryption on a Field

The Encrypted field user property specifies whether Siebel CRM encrypts a field. The value for this user property must include a Boolean value. If Y, then Siebel CRM enables encryption. To enable encryption on a field, you must set this field user property to Y and you must configure the Encrypt Service Name and Encrypt Key Field user properties. For more information, see Siebel Security Guide.

Specifying the Field That Contains the Encryption Key

The Encrypt Key Field field user property specifies the name of the business component field that contains the encryption key index. The keyfile.bin file in the following directory contains indexed encryption keys:

\Siebel_Root\Admin

The Encrypt Key Field user property specifies the business component field that contains the numbered encryption key index that Siebel CRM uses to decrypt the parent field.

For example, the Credit Card Number field that resides in the Quote business component is an encrypted field that contains credit card numbers. The Credit Card Number Key Index field contains the index of the encryption key that Siebel CRM uses to decrypt the Credit Card Number field. Siebel CRM sets the Encrypt Key Field user property for the Credit Card Number field to the value that the Credit Card Number Key Index field contains.

Specifying the RC2 or AES Encryption Service

The Encrypt Service Name field user property specifies the encryption service name. It must specify one of the following values:

  • RC2 Encryptor
  • AES Encryptor

You can set this field user property on an encrypted field to specify the embedded encryption service that Siebel CRM applies.

Setting an Encrypted Field to Read Only if Encryption Fails

If decryption fails, then the Encrypt ReadOnly Field field user property sets an encrypted field to read-only. It must specify the name of a calculated business component field whose Calculated Value property is empty.

The calculated field that this field user property specifies determines whether Siebel CRM sets the data in the encrypted field to read-only. Preserving the data in read-only form allows someone to recover it later without modifying this data. This calculated field can use one of the following values:

  • Y. Decryption fails on the encrypted field. Siebel CRM sets this encrypted field to read-only.
  • N. Decryption succeeds on the encrypted field. Siebel CRM sets this encrypted field to readable.

For example, the Quote business component includes the encrypted Credit Card Number field. Siebel CRM sets the Encrypt ReadOnly Field user property for this field to the value that the Credit Card Number - Read Only calculated field contains.

Masking Credit Card, Account, and Other Secure Data

The Display Mask Char field user property displays a masked version of secure data, typically a credit card number or account number. The value for this user property must include a character that Siebel CRM uses to mask characters. Siebel CRM sets this value to x, by default.

Siebel CRM uses this field user property with the Encrypt Source Field user property to display only the last 4 digits of a credit card number or account number. For example, xxxxxxxxxxxx9999. You set this field user property on a separate calculated field that Siebel CRM displays in the client instead of on the field that contains the entire credit card number or account number.

For example, Siebel CRM uses the Credit Card Number field in the Quote business component as the encrypted field that stores the credit card number. The properties of the Credit Card Number - Display calculated field include the following values:

  • Display Mask Char. This user property contains x.
  • Encrypt Source Field. This user property contains Credit Card Number. The applet field that displays the masked credit card number must reference the Credit Card Number - Display field.

The field that the Encrypt Source Field property identifies must be encrypted. If it is not encrypted, then the masking functionality does not work.

For more information, see Specifying the Field That Contains the Encryption Key.

Specifying the Field That Contains Secure Data

The Encrypt Source Field field user property specifies the name of the business component field that contains an encrypted credit card number or account number. For more information, see Masking Credit Card, Account, and Other Secure Data.
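
The rules in this topic (an encrypted field needs a valid Encrypt Service Name and an Encrypt Key Field, fields mapped to the same database column must agree, and an Encrypt Source Field must point at an encrypted field) can be checked mechanically. The following Python audit is an added example, not Oracle code; the dict layout of the exported fields, the Example Order business component, and the EXAMPLE_TBL column names are assumptions made for illustration.

```python
# Added example: audits field user properties against the rules on this page.
# The dict layout (bc, name, column, props) is an assumed export format, not a Siebel API.
from collections import defaultdict

SERVICES = {"RC2 Encryptor", "AES Encryptor"}  # allowed Encrypt Service Name values

def is_encrypted(field):
    return field["props"].get("Encrypted", "N") == "Y"

def audit(fields):
    """Return sorted (business component, field, finding) tuples."""
    findings = []
    by_name = {(f["bc"], f["name"]): f for f in fields}
    by_column = defaultdict(list)
    for f in fields:
        bc, name, props = f["bc"], f["name"], f["props"]
        if f.get("column"):
            by_column[f["column"]].append(f)
        if is_encrypted(f):
            if props.get("Encrypt Service Name") not in SERVICES:
                findings.append((bc, name, "Encrypt Service Name missing or invalid"))
            if (bc, props.get("Encrypt Key Field")) not in by_name:
                findings.append((bc, name, "Encrypt Key Field missing or unknown"))
        source = props.get("Encrypt Source Field")
        if source is not None:  # masking field: its source must be encrypted
            target = by_name.get((bc, source))
            if target is None or not is_encrypted(target):
                findings.append((bc, name, "Encrypt Source Field is not encrypted"))
    # Fields mapped to the same database column must agree on encryption.
    for column, group in by_column.items():
        if len({(is_encrypted(g), g["props"].get("Encrypt Service Name")) for g in group}) > 1:
            findings += [(g["bc"], g["name"], f"inconsistent encryption on {column}") for g in group]
    return sorted(findings)

SAMPLE = [  # constructed sample data; column names are placeholders
    {"bc": "Quote", "name": "Credit Card Number", "column": "EXAMPLE_TBL.CC_COL",
     "props": {"Encrypted": "Y", "Encrypt Service Name": "AES Encryptor",
               "Encrypt Key Field": "Credit Card Number Key Index"}},
    {"bc": "Quote", "name": "Credit Card Number Key Index", "column": "EXAMPLE_TBL.KEY_COL", "props": {}},
    {"bc": "Quote", "name": "Credit Card Number - Display", "column": None,
     "props": {"Display Mask Char": "x", "Encrypt Source Field": "Credit Card Number"}},
    {"bc": "Example Order", "name": "Credit Card Number", "column": "EXAMPLE_TBL.CC_COL",
     "props": {"Encrypted": "N"}},
    {"bc": "Example Order", "name": "Credit Card Number - Display", "column": None,
     "props": {"Display Mask Char": "x", "Encrypt Source Field": "Credit Card Number"}},
]

if __name__ == "__main__":
    print("\n".join(" | ".join(f) for f in audit(SAMPLE)))
```

In the sample, disabling encryption on one business component's copy of the field produces two kinds of finding: the shared column is flagged on both components, and the masking field on the unencrypted side is flagged because its source is no longer encrypted.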

Siebel Developer's Reference Copyright © 2015, Oracle and/or its affiliates. All rights reserved.