Understanding the Generation of Site Keys for Use with AES Encryption

Starting with EnterpriseOne Tools Release 9.2, the EnterpriseOne encryption system uses a site key to add a higher level of protection for sensitive data stored in configuration files and databases. The site key is combined with other values to create an AES key, and the encryption system then uses that AES key to encrypt individual data items. AES is the industry-standard cipher for this kind of strong encryption.

The site key is unique for each customer. For each data item to be encrypted, a random value is selected; the site key is combined with that random value and with version-based values within the EnterpriseOne system to generate a 128-bit AES key, and that AES key is then used to encrypt the data item. Because a different random value is used for each data item, up to about 16 million (2^24) different AES keys can be associated with a single site key.

Oracle provides a command-line "sitekey" utility program on the Security Server for generating site keys and storing them in the JDE.INI file on the Security Server. When sensitive data is entered in Server Manager, Server Manager obtains the site key held in that JDE.INI file and uses it to encrypt the data item.

Server Manager normally uses JDENet to retrieve the site key from the main Security Server defined for Server Manager. If that Security Server is not running, Server Manager reads the site key directly from that Security Server's JDE.INI file. Either way, the JDE.INI file on the Security Server holds the site key, so restrict read access to that file and include it in backups: data encrypted under a site key cannot be recovered without it.

To create a site key value, a system administrator enters a unique password in the sitekey program, which derives the site key from that password. The sitekey program:

  • Uses a hashing function to convert the password into a site key value.

    Note: Because the hashing function is one-way, the password cannot be recovered from the site key value. The reverse does not hold: the site key is only as hard to guess as the password it was derived from, so use a long, high-entropy password and protect it as carefully as the site key itself.

  • Encrypts the site key value and encodes it within a text string.

  • Stores the site key text string in the [SITE KEYS] section of the Security Server JDE.INI file. Example of Site Key Entries in the JDE.INI shows what such a text string looks like in the [SITE KEYS] section.
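The following Go program is an added illustration, not Oracle's code and not the real sitekey utility's algorithm. It models the three steps just listed together with the per-item key derivation described earlier: a one-way hash from the administrator's password to the site key, derivation of a distinct 128-bit AES key for each data item from the site key, a version value and a 24-bit random value, and the randomized encrypt-and-encode step that produces the text string written to [SITE KEYS]. The choice of SHA-256 for the hash, HMAC-SHA256 as the combining function, AES-GCM as the cipher mode, the wrapping key and the entry name SiteKey1 are all assumptions made for the example; the page does not document which hash, combiner or cipher mode the product actually uses.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// Hypothetical key the utility would use to encrypt site keys for JDE.INI (assumption, not Oracle's).
var utilityWrapKey = sha256.Sum256([]byte("example-wrapping-key-not-oracle"))

// siteKeyFromPassword models the one-way hash step; SHA-256 with a fixed prefix is an assumption.
func siteKeyFromPassword(password string) []byte {
	h := sha256.Sum256([]byte("sitekey:" + password))
	return h[:]
}

// itemKey combines the site key, a version value and a 24-bit per-item random value into a
// 128-bit AES key. HMAC-SHA256 as the combiner is an assumption; 2^24 random values give
// roughly 16.7 million possible item keys per site key.
func itemKey(siteKey []byte, version string, rnd [3]byte) []byte {
	mac := hmac.New(sha256.New, siteKey)
	mac.Write([]byte(version))
	mac.Write(rnd[:])
	return mac.Sum(nil)[:16]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmSeal prepends a fresh random nonce to the ciphertext; gcmOpen expects that layout.
func gcmSeal(key, plaintext []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

func gcmOpen(key, blob []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}

// encryptItem stores the per-item random value in front of the ciphertext so decryptItem
// can re-derive the same item key; the value is not secret, only the site key is.
func encryptItem(siteKey []byte, version string, plaintext []byte) ([]byte, error) {
	var rnd [3]byte
	if _, err := rand.Read(rnd[:]); err != nil {
		return nil, err
	}
	ct, err := gcmSeal(itemKey(siteKey, version, rnd), plaintext)
	if err != nil {
		return nil, err
	}
	return append(rnd[:], ct...), nil
}

func decryptItem(siteKey []byte, version string, blob []byte) ([]byte, error) {
	var rnd [3]byte
	if copy(rnd[:], blob) < 3 {
		return nil, errors.New("blob too short")
	}
	return gcmOpen(itemKey(siteKey, version, rnd), blob[3:])
}

// encodeSiteKey encrypts the site key and base64-encodes the result; the random nonce
// is why two encodings of the same site key differ.
func encodeSiteKey(siteKey []byte) (string, error) {
	ct, err := gcmSeal(utilityWrapKey[:], siteKey)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(ct), nil
}

func main() {
	entry, _ := encodeSiteKey(siteKeyFromPassword("example-admin-password")) // constructed input
	fmt.Printf("[SITE KEYS]\nSiteKey1=%s\n", entry)                          // entry name is assumed
}
```

Run it with go run and it prints a [SITE KEYS] entry that changes on every run even though the password, and therefore the site key, is fixed. Reading an entry back is the reverse path: base64-decode the string and call gcmOpen under the wrapping key. Note that decryptItem needs the 24-bit random value that encryptItem stored alongside the ciphertext, and that a wrong site key or a truncated blob is rejected rather than yielding garbage.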

Using site key values for data encryption provides the following benefits:

  • Because site key values are generated from unique passwords, it is highly unlikely that two customers will have the same values.

  • The encryption and encoding of the site keys use randomized parameters, so multiple text representations of the same site key will almost always be different.

  • The site key values are not stored in the program code. Because each customer's site key is generated at that site and stored in that site's JDE.INI file, the key is specific to one installation rather than shared across all customers, which provides a higher level of security.