How Data Encryption Works
When encryption is enabled for a column in a database table, unencrypted data from all the fields in this column is sent through the AES Encryptor. The encryptor encrypts the data using an encryption key stored in the key file.
After the data is encrypted, it is sent back to the database. When a user accesses this data, the encrypted data is sent through the encryptor again to be decrypted. The data is decrypted using the same encryption key from the key file that was used for encryption. The decrypted data is then sent to the business component field to be displayed in the application. For information on configuring encryption for a database column, see Configuring Encryption and Search on Encrypted Data.
The key file stores a number of encryption keys that encrypt and decrypt data. The key file is named keyfile.bin and is located in the SIEBSRVR_ROOT/admin directory of each Siebel Server. Additional encryption keys can be added to the key file. For security, the keyfile.bin file is itself encrypted with the key file password. For information on using the Key Database Manager utility to add encryption keys and to change the key file password, see Managing the Key File Using the Key Database Manager.
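
An operational check that follows from the key file location described above, as an added example (not code from this guide or from the product): it confirms that keyfile.bin exists under a Siebel Server root's admin directory, is a regular file, and grants no group or other access. The owner-only policy, the function name and the return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit keyfile.bin under one or more Siebel Server roots.
# Assumption: the desired policy is owner-only access; the guide states
# no file mode, only that the file is encrypted with the key file password.

audit_keyfile() {
    keyfile="$1/admin/keyfile.bin"   # location given in the text above

    if [ ! -e "$keyfile" ] && [ ! -L "$keyfile" ]; then
        echo "MISSING  $keyfile"
        return 1
    fi
    # A symlink or directory here means the path is not the key file itself.
    if [ -L "$keyfile" ] || [ ! -f "$keyfile" ]; then
        echo "NOTFILE  $keyfile"
        return 3
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$keyfile" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "EXPOSED  $keyfile (group/other bits: $perms)"
        return 2
    fi
    echo "OK       $keyfile"
    return 0
}

# Usage: sh audit_keyfile.sh /path/to/siebsrvr [more roots...]
for root in "$@"; do
    audit_keyfile "$root"
done
```

Run it once per Siebel Server, since each server has its own copy of the key file.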