Understanding the Encryption of Sensitive Data in EnterpriseOne

EnterpriseOne uses 128-bit AES encryption to protect certain sensitive data (such as passwords) stored in the database, as well as sensitive data stored in the following EnterpriseOne configuration (INI) files on EnterpriseOne servers:

  • jde

  • jdbj

  • jas

  • tokengen

  • jdeinterop

A system administrator uses Server Manager to configure the settings in these server configuration files. If a system administrator updates a configuration setting that contains sensitive data such as a password, the encryption system encrypts the data so that it cannot be read by anyone who opens a configuration file manually. See #u30144357__CIHBHBED for a complete list of INI files and the settings that contain sensitive data.

You can set up encryption before an EnterpriseOne installation using a command line utility program on the Deployment Server. See Encrypting Sensitive INI File Data Using the Deployment Server. You can also set up encryption after an installation through Server Manager. Both methods involve using a site key for encryption as described later in this chapter.

Note: Although not recommended, an administrator can still choose to manually access configuration files and edit the passwords in plain text. Regardless, EnterpriseOne can read passwords whether they are encrypted or in plain text.