About Using the Where Clause and Flags in the Input File
On the line following the name of each column to be upgraded, you can optionally specify the WHERE clause, the N flag, and the H flag for the column:
Use the WHERE clause if you want to partition the data to encrypt. Every column name that you specify for the WHERE clause must have the letter S added to the start of the column name. If you do not want to partition data, then omit the WHERE clause, as in the following example:
[S_ORDER] CC_NUMBER S_ORDER CCNUM_ENCRPKEY_REF WHEREIf you have imported data from EIM into an encrypted column, then use the WHERE clause to specify that only the unencrypted EIM records, that is, records where the value of the key index column is NULL, are to be encrypted. For example, the following entry is for a table named S_PER_PAY_PRFL. This table contains an encrypted column, PAY_ACCNT_NUM, which has a key index column, ENCRPKEY_REF:
[S_PER_PAY_PRFL] PAY_ACCNT_NUM S_PER_PAY_PRFL CCNUM_ENCRPKEY_REF WHERE S.CCNUM_ENCRPKEY_REF IS NULLTo support upgrade of non-encrypted fields to use encryption, add the letter
Nafter the column name; for example:[S_NEW_TABLE] COLUMN_NAME S_NEW_TABLE NAME_KEY_INDEX NIf you want to enable search on the upgraded encrypted column, then add the letter
Hto the end of the column; for example:[S_NEW_TABLE] COLUMN_NAME S_NEW_TABLE NAME_KEY_INDEX HThis creates a hash column which stores the values that are returned when you apply the SHA-1 algorithm to the plain text values of the encrypted column.
If you want to enable search on an existing encrypted column, then add the following entry in the input file to create a column which stores the hash value of the plaintext in the encrypted column:
[S_TABLE_NAME] COLUMN_NAME S_TABLE_NAME COLUMN_NAME_ENCRPKEY_REF H WHERE S.ROW_ID=’123123’For information about search on encrypted data, see Configuring Encryption and Search on Encrypted Data.