Siebel CRM Siebel Security Guide Siebel Innovation Pack 2016, Rev. A E24814-01
This topic describes how to use Siebel Tools to enable encryption for a column in a database table and to enable search on the encrypted column.
Note: For help with encrypting columns in database tables, you must contact your Oracle sales representative for Oracle Advanced Customer Services to request assistance.
You encrypt a column and its data by specifying values for certain parameters of the column in the database table. You can also enable search on the encrypted data by creating an additional column (hash column) that stores the result of applying the SHA-1 algorithm to the plain text value of the encrypted data. Search can be case-sensitive or case-insensitive depending on how you configure search.
The following procedure describes how to encrypt data and, optionally, how to enable search on this data. Before carrying out the procedure, note the following points:
- The encrypted column, hash column, and the column that stores the index number to the key file must come from the same database table.
- You cannot encrypt a column that has a denormalized column, because this feature is not supported. For example, column NAME of account table S_ORG_EXT has a denormalized column in S_ACCNT_POSTN.ACCOUNT_NAME.
- The encrypted column and the hash column must be of type String (VARCHAR), while the column that stores the index number to the key file must be of type Integer.
For more information on requirements for data encryption, see "Requirements for Data Encryption".
To encrypt a column and enable search on the encrypted column in a database table
1. Start Siebel Tools.
2. Select the column in the database table that contains the data you want to encrypt.
3. Add values to the following parameters of the column you selected in Step 2:
   - Computation Expression. Specify the algorithm to encrypt data in the column as follows:
     SiebelEncrypt.AES ([ColumnName])
     For information on the Siebel AES encryption options, see "About Data Encryption". To implement AES (recommended), you must use Siebel Strong Encryption. For more information, see "About Siebel Strong Encryption".
   - Encrypt Key Specifier. Specify the column that stores the index number to the key file.
4. If you want to allow search on encrypted data, then create another column with a name of your choice or with the following name format:
   C_HASH_NAME
   where Name is the name of the column you selected in Step 2. C_HASH_NAME stores the value that results from applying the SHA-1 algorithm to the plain text values of the column you selected in Step 2.
The following table lists the syntax for a number of search scenarios.
Scenario | Enter these values |
---|---|
Encrypt data in column C_SSI using the AES algorithm | For Computation Expression, enter: SiebelEncrypt.AES ([C_SSI]). For Encrypt Key Specifier, specify the column that stores the index key for the key file. For example: C_KeyIndex |
To enable case-sensitive search on the data that you encrypt in column C_SSI, you create an additional column C_HASH_SSI | Enter the following syntax in the field for the Computation Expression of column C_HASH_SSI: SiebelHash.SHA1 ([C_SSI]) |
To enable case-insensitive search on the data that you encrypt in column C_SSI, you create an additional column C_HASH_SSI | Enter the following syntax in the field for the Computation Expression of column C_HASH_SSI: SiebelHash.SHA1CI ([C_SSI]) |
Now do one of the following:
- If the column that you have enabled for encryption does not yet contain data, then there are no further steps to perform.
- If the column that you have enabled for encryption does contain data, then proceed to Step 5.
5. If the database column that you have enabled for encryption previously contained data, then run the Encryption Upgrade utility (encryptupg.exe) to encrypt the existing data and, if applicable, to create searchable hash values for the data.
Encrypt existing data immediately after you configure a column for encryption. You can create searchable hash values for the column at a later time if you choose. For information on using the encryptupg.exe utility, see "About Upgrading Data to a Higher Encryption Level".
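The search path through the hash column described in this topic, modelled as an added Python example (it is not Oracle's code and does not call Siebel). Assumptions: the table name T, the ROW_ID values and sample data are constructed; the hash is taken over UTF-8 text and stored as hex; SHA1CI is modelled by upper-casing before hashing; the AES output in C_SSI is an opaque placeholder because search never reads it.

```python
import hashlib
import sqlite3

# Constructed sample rows: (ROW_ID, plain text value of C_SSI). Not real data.
ROWS = [("1-A", "AB-1001"), ("1-B", "Cd-2002"), ("1-C", "AB-1001")]


def sha1_cs(value: str) -> str:
    """Models SiebelHash.SHA1: SHA-1 of the plain text (UTF-8, hex: assumed)."""
    return hashlib.sha1(value.encode("utf-8")).hexdigest()


def sha1_ci(value: str) -> str:
    """Models SiebelHash.SHA1CI: case is folded before hashing (rule assumed)."""
    return hashlib.sha1(value.upper().encode("utf-8")).hexdigest()


def build_table(hash_fn):
    """Create the three same-table columns the procedure requires."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE T (ROW_ID TEXT, C_SSI TEXT, "
               "C_HASH_SSI TEXT, C_KeyIndex INTEGER)")
    for row_id, plain in ROWS:
        # C_SSI holds an opaque stand-in for the AES output; search never reads it.
        db.execute("INSERT INTO T VALUES (?, ?, ?, ?)",
                   (row_id, "<ciphertext>", hash_fn(plain), 1))
    return db


def search(db, hash_fn, term):
    """Exact-match search: hash the term, compare it with the hash column."""
    cur = db.execute("SELECT ROW_ID FROM T WHERE C_HASH_SSI = ? ORDER BY ROW_ID",
                     (hash_fn(term),))
    return [row[0] for row in cur]


if __name__ == "__main__":
    cs, ci = build_table(sha1_cs), build_table(sha1_ci)
    print("SHA1   'AB-1001':", search(cs, sha1_cs, "AB-1001"))  # both matching rows
    print("SHA1   'ab-1001':", search(cs, sha1_cs, "ab-1001"))  # case differs: none
    print("SHA1CI 'ab-1001':", search(ci, sha1_ci, "ab-1001"))  # case ignored
    print("SHA1CI 'AB-':    ", search(ci, sha1_ci, "AB-"))      # partial value: none
```

In this model only whole-value matches are found, and identical plain text values share one hash value, so the hash column warrants the same access controls as the encrypted column.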