Reencrypting Password Parameters in Siebel Gateway Registry

Note: As of Siebel CRM 17.0, the Siebel Gateway registry is used to store operational and connectivity information as well as configuration information for the Siebel Enterprise and Siebel Servers, replacing the Siebns.dat file which was used in previous releases. If you are migrating to Siebel CRM from an earlier release, it is recommended that you review the information in this topic.

This topic provides information on how to reencrypt parameters that are encrypted in the Siebel Gateway registry after you have increased the level of encryption you use with Siebel Business Applications.

Masked parameters are parameters that have their values encrypted. In the Siebel Gateway registry, parameters that specify password values are masked when they are written to the registry. Siebel uses high levels of encryption by default as of Siebel CRM 17.0, but if you are upgrading from a prior release, the upgrade process upgrades data automatically to a higher encryption level but it does not upgrade the masked parameters to the higher encryption level. While existing passwords will continue to work with the higher encryption level, it is recommended that you reencrypt existing passwords, as described in the following procedure, so that they use the higher encryption level as well.

The table in this topic lists the parameters that are encrypted in the Siebel Gateway registry that must be reencrypted when you increase the encryption level. Most, but not all, of the masked parameters are Siebel Server parameters that can be changed using the Server Manager program. The following procedure describes how to reset encrypted parameters to use a new encryption level using Server Manager.

Note: In Siebel CRM 8.1.x, 8.2.x, and 15.x, passwords were encrypted using 128-bit AES encryption. If you are upgrading to the current release, reset encrypted passwords in the Siebel Gateway registry so that they now use AES 256-bit data encryption. For additional information, see About Encryption of Siebel Gateway Password Parameters.

Attention: All encryption that is upgraded is upgraded to a minimum of 256 bits in Siebel CRM. Data that is unencrypted or that uses the standard encryptor (supported in some earlier releases) or RC2 (no longer supported as of Siebel CRM 8.1.1.14) cannot be read by the application in the current release so you must upgrade your encryption method to AES using the Encryption Upgrade Utility. Running the Encryption Upgrade Utility encrypts data that is unencrypted and increases the encryption level of data that is already encrypted. For more information, see Process of Upgrading Data to a Higher Encryption Level.

To reset encrypted parameters to use a new encryption level using Server Manager

Log in to the Server Manager command-line interface (srvrmgr program). For more information on how to start and use the srvrmgr program, see Siebel System Administration Guide.
Change each of the masked parameters so that it uses the increased encryption level. The following table describes the masked parameters.
For example, enter the following command to reset the Password parameter at the enterprise level:
```
change ent param Password=NewPassword
```

The following table describes the parameters that you must reencrypt if you increase the encryption level, and indicates how you can reencrypt each parameter.

Parameter	Description	How to Reencrypt the Parameter
Application Password	This parameter is defined for named subsystems of type InfraSecAdpt_LDAP [the default name is LDAPSecAdpt]. This parameter is set if LDAP security adapter authentication is used.	Siebel Web Clients can use the Server Manager command. Siebel Mobile Web Clients or Developer Web Clients must edit the appropriate application configuration file.
CRC Checksum CustomSecAdpt_CRC	This parameter is defined for named subsystems of type InfraSecAdpt_DB, InfraSecAdpt_LDAP, or InfraSecAdpt_Custom. This parameter specifies the checksum validation value for the security adapter DLL file and is set for LDAP, database, and custom security adapters. For further information on checksum validation, see Configuring Checksum Validation. Caution: Do not reset or change the value of the DBSecAdpt_CRC parameter. Changing the value of the CRC parameter for the database security adapter can disrupt the correct functioning of your Siebel application.	Siebel Web Clients can use the Server Manager command. Siebel Mobile Web Clients or Developer Web Clients must edit the appropriate application configuration file.
ClientDBAPwd	This parameter is specified for the Database Extract server component.	Use the Server Manager command.
DSPassword	This parameter is defined for named subsystems of type InfraDataSource (it can be set for the ServerDataSrc named subsystem, or another data source). It is specified for database security adapter authentication.	Siebel Web Clients can use the Server Manager command. Siebel Mobile Web Clients or Developer Web Clients must edit the appropriate application configuration file.
DSPrivUserPass PrivUserPass	These parameters are specified for the Generate Triggers Siebel Server component.	Use the Server Manager command.
DbaPwd NewDbaPwd	These parameters are specified for the Generate New Database Siebel Server component used with Siebel Remote.	Use the Server Manager command. For information on changing these parameters, see Siebel Remote and Replication Manager Administration Guide.
ExtDBPassword	This parameter provides credentials for the database specified in the external database subsystem.	Use the Server Manager command.
Private Key File Password	The key file stores the encryption keys that encrypt and decrypt data. The file is encrypted with the private key file password.	Using the Key Database Manager utility. For further information, see Changing the Key File Password. You can also change the parameter in the Siebel Application Interface profile.
MailPassword	This parameter is set for the email account that Siebel Email Response uses to connect to the SMTP/POP3 or SMTP/IMAP email servers.	Use the Server Manager command. For information on this parameter, see the topics on assigning parameter overrides for a communications profile in Siebel Email Administration Guide.
Password	This parameter, set at the Siebel Enterprise level, is the password for the system user (for example, SIEBADMIN) specified by the Username parameter. It is recommended that you do not change the value for this parameter when you reencrypt it.	Use the Server Manager command.
TableOwnPass	This parameter specifies the password for the Database Table Owner (DBO) account, which is used to modify the Siebel database tables.	Siebel Web Clients can use the Server Manager command. Siebel Developer Web Clients must edit the appropriate application configuration file. Change the parameter in the Siebel database. See Changing the Table Owner Password for instructions.
Trust Token CustomSecAdpt_TrustToken	These parameters apply in a Web SSO environment only, and are defined for named subsystems of type InfraSecAdpt_LDAP and InfraSecAdpt_Custom. These parameters are also specified for the Siebel Application Interface; the setting must be the same on both the Siebel Application Interface and the security adapter.	Siebel Web Clients can use the Server Manager command. Siebel Mobile Web Clients or Developer Web Clients must edit the appropriate application configuration file. Edit the Siebel Application Interface profile.