Upgrading or Migrating from One PET Encryption to Another PET Encryption

Use this template to create a PeopleCode program to upgrade or migrate one PET encryption library to a different PET encryption library.

The program changes the PET encryption library for a Record.Field. The comments in the template include parameter definitions and usage guidelines.

/************************************************************/
/*  This program is built as a template for changing the    */
/*  PET encryption for a specific Record.Field.             */
/*                                                          */
/*  You Must Change the following values to fit your needs  */
/*  <RECORDNAME> = The Record containing the Field to have  */
/*                 Encryption Upgraded.                     */
/*  <FIELDNAME>  = The Field to have Encryption Upgraded.   */
/*  <DECRYPTPRFL>= The Profile needed to Decrypt the        */
/*                 current contents of the Field.           */
/*  <ENCRYPTPRFL>= The Profile to apply new encryption.     */
/************************************************************/

&sql = CreateSQL("%selectall(:1)", Record.<RECORDNAME>);
&rec = CreateRecord(Record.<RECORDNAME>);
&DecryptProfile = "<DECRYPTPRFL>";
&NewEncryptProfile = "<ENCRYPTPRFL>";
 
&Decrypt = CreateObject("Crypt");
&Encrypt = CreateObject("Crypt");

While &sql.Fetch(&rec)
  
   &Decrypt.Open(&DecryptProfile);
   /* If desired you can override any of the Profile Parameters.
      Should only be needed if Random IV, KEY, AAD, AUTHTAG were
      used/produced during Encryption of this Record.Field. You must
      uncomment and set GoToStep if you uncomment any SetParameter */
   rem   &Decrypt.GoToStep(n); /* Change n to Step number in decryption chain
*/
   rem   &Decrypt.SetParameter('IV', '<hex IV used during Encryption>');
   rem   &Decrypt.SetParameter('SYMMETRICKEY', '<keyset entry name used
during Encryption>');
   rem   &Decrypt.SetParameter('AUTHTAG', '<hex AuthTag produced during
Encryption>');
   rem   &Decrypt.SetParameter('AAD', '<AAD value used during Encryption>');
   /* Refer to the Documentation for Parameter Names and Values
   for the non-symmetric algorithms */
   rem   &Decrypt.SetParameter('<PARMNAME>', '<PARMVALUE>');
   &Decrypt.UpdateData(&rec.<FIELDNAME>.Value);
   &rec.<FIELDNAME>.Value = &Decrypt.Result;
  
   &Encrypt.Open(&NewEncryptProfile);
   /* If desired you can override any of the Profile Parameters.
      Should only be needed if Random IV, KEY, AAD, AUTHTAG are
      used during Encryption of this Record.Field.  You must
      uncomment and set GoToStep if you uncomment any SetParameter */
   rem   &Decrypt.GoToStep(n); /* Change n to Step number in encryption chain
*/
   rem   &Decrypt.SetParameter('IV', '<hex IV used during Encryption>');
   rem   &Decrypt.SetParameter('SYMMETRICKEY', '<keyset entry name used
during Encryption>');
   rem   &Decrypt.SetParameter('AAD', '<AAD value used during Encryption>');
   /* Refer to the Documentation for Parameter Names and Values for the
non-symmetric algorithms */
   rem   &Decrypt.SetParameter('<PARMNAME>', '<PARMVALUE>');
   &Encrypt.UpdateData(&rec.<FIELDNAME>.Value);
   &rec.<FIELDNAME>.Value = &Encrypt.Result;
   rem &rec.<FIELDNAME>.Value = &Encrypt.Verify; /* Used when running Verify
routine */
   rem &rec.<FIELDNAME>.Value = &Encrypt.AuthTag; /* Produced from AES CCM
and GCM modes - required for decryption */
  
   &rec.Update();
End-While;