Changing the Site Key Settings

The purpose of the site key is to provide an encryption system that uses different encryption keys from one customer site to another. Each site key is used to derive a unique set of AES encryption keys. Therefore, there is little benefit in changing the site key value frequently. Changing a site key requires decrypting and re-encrypting existing encrypted data.

Data is always encrypted using the "CurrentKey" site key. Data is decrypted using either the "CurrentKey" site key or the "PreviousKey" site key, which allows data items to be decrypted using an old site key and then encrypted using a new site key.

If you change the site key value, all previously encrypted data should be re-encrypted using the new site key value. After you convert all encrypted data to the new site key, you can use a text editor to manually delete or comment out the "PreviousKey" entry in the JDE.INI.

Only one "PreviousKey" entry is allowed at a time. If at a later time you need to decrypt old data encrypted with the previous site key, you can manually re-add (or uncomment) the "PreviousKey" entry in the JDE.INI. The encryption system will then decrypt the data and re-encrypt it using the "CurrentKey" site key.
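
The following Python sketch is an added illustration of the CurrentKey/PreviousKey rotation described above; it is not the product's code. It shows why every record must be re-encrypted before the "PreviousKey" entry is removed. Assumptions: the key-derivation scheme, the record layout and all function names are hypothetical, and an HMAC-SHA256 keystream with an HMAC tag stands in for AES so the example runs on the standard library alone.

```python
import hashlib
import hmac
import os

def derive(site_key: str, label: bytes) -> bytes:
    # One sub-key per purpose, derived from the site key (assumed scheme).
    return hmac.new(site_key.encode(), label, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in keystream (HMAC in counter mode); the real system uses AES.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(site_key: str, plaintext: bytes) -> bytes:
    # Callers always pass the CurrentKey value here. Record = nonce | body | tag.
    nonce = os.urandom(16)
    ks = _stream(derive(site_key, b"enc"), nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(derive(site_key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def _try_decrypt(site_key: str, blob: bytes):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(derive(site_key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None  # wrong site key or modified record
    ks = _stream(derive(site_key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))

def decrypt(blob: bytes, current_key: str, previous_key=None):
    """Return (plaintext, key_name); CurrentKey is tried first, then PreviousKey."""
    for name, key in (("CurrentKey", current_key), ("PreviousKey", previous_key)):
        if key is not None:
            pt = _try_decrypt(key, blob)
            if pt is not None:
                return pt, name
    raise ValueError("record cannot be decrypted with the configured site keys")

def reencrypt_all(records: dict, current_key: str, previous_key: str) -> int:
    """Rewrite every record under CurrentKey; return how many needed PreviousKey."""
    migrated = 0
    for rid, blob in records.items():
        pt, used = decrypt(blob, current_key, previous_key)
        if used == "PreviousKey":
            records[rid] = encrypt(current_key, pt)
            migrated += 1
    return migrated
```

A second run of `reencrypt_all` that returns 0 is the signal that no record still depends on the old site key and the "PreviousKey" entry can be removed.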