1. Database Upgrade Guide
  2. Upgrade Planning for Siebel AES Encryption

Upgrade Planning for Siebel AES Encryption

Upgrades from: All Supported Siebel releases.

Environments: Development, Test and Production.

Databases: All databases.

Platforms: Windows and UNIX only.

Siebel CRM supports AES encryption method, the government standard for secure applications.

Data that is unencrypted or that uses earlier encryption types must upgrade encryption method to AES 256 using the Encryption Upgrade Utility. Running the Encryption Upgrade Utility encrypts data that is unencrypted and increases the encryption level of data that is already encrypted. For more information about upgrading data to a higher encryption level, see Siebel Security Guide.

Note: If you are upgrading post 25.10, make sure all Encryption is upgraded to a minimum of 256 bits in Siebel CRM, if not don’t update to 25.10 and above. For fresh installs on new systems, a script is provided to determine current Encryption Level. The FindEncryptionLevel utility ( FindCurrentEncryptionLevel.bat for Windows and FindCurrentEncryptionLevel.sh for Unix) must be copied from Disk1/install folder under the image/build location to old system to determine encryption level if it is not known. Inspect the log file to troubleshoot if there are any issues. It is located at: \ses\siebsrvr\log\encryptupg.log (or EncryptionUpgrade_<time_stamp>.log, depending on log level). If errors are found, address the error and execute the encryption migration utility from the command line.
Attention: All encryption that is upgraded is upgraded to a minimum of 256 bits in Siebel CRM.

During the upgrade process, the encryption upgrade is run during the database upgrep and upgphys process. During the database upgrep upgrade, only the logical definition is updated. During the database upgphys process, only the physical data is updated. During the upghys encryption upgrade, the .cfg file could cause errors. The .cfg file must be updated correctly before running the Key Database Manager utility - for more information, see Modifying siebel.cfg Before Upgrading Siebel Database.

Note: After installing the Siebel CRM software for the current release any passwords stored in the Siebel Gateway that were previously encrypted using RC4 encryption are reset. In the current release, such passwords are encrypted using Advanced Encryption Standard (AES). For more information about reencrypting passwords, see Siebel Security Guide.