Try OpenEdge Now
skip to main content
Database Administration
Protecting Your Data : Transparent Data Encryption : Disabling encryption
 

Disabling encryption

If you determine that you no longer need your database encrypted, you can disable encryption with the PROUTIL DISABLEENCRYPTION command. The basic syntax is:
proutil dbname -C disableencryption
Disabling encryption decrypts all the data in your database, removes all the encryption policies, and archives your key store (by renaming it to dbname.ksbk).
If you have a large number of encrypted database objects, you might want to control the decryption of your data before running the DISABLEENCRYPTION command. To decrypt your data, update the encryption policy to the NULL cipher.
To decrypt data:
1. Verify that the object is encrypted with EPOLICY SCAN, as shown:
proenv>proutil t1demo -C epolicy scan area "dataarea101"
OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009
AREA dataarea101 / 101 CURRENT AES_CBC_128 V:1 627 of 627 blocks
encrypted
2. Change the encryption policy cipher to the NULL cipher (cipher 0), as shown:
proenv>proutil t1demo -C epolicy manage area cipher "dataarea101" -Cipher 0
OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009
Encryption policy cipher change for Area dataarea101 in Area 101
Cipher specification change to NULL_NULL_NULL completed.
3. Re-confirm the policy change with EPOLICY SCAN, as shown:
proenv>proutil t1demo -C epolicy scan area "dataarea101"
OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009
AREA dataarea101 / 101 CURRENT NULL_NULL_NULL V:2 1 of 627 blocks
encrypted
AREA dataarea101 / 101 PREVIOUS AES_CBC_128 V:1 626 of 627 blocks
encrypted
4. Update all the blocks to the NULL cipher policy with EPOLICY MANAGE UPDATE, as shown:
proenv>proutil t1demo -C epolicy manage area update "dataarea101"
OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009
5. Confirm that the object is decrypted and the policy deleted with EPOLICY SCAN, as shown:
proenv>proutil t1demo -C epolicy scan area "dataarea101"
OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009
No encryption policy exists for object dataarea101.
EPolicy: Encryption policy management failed -402
6. Disable encryption, as shown:
proenv>proutil t1demo -C disableencryption
OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009
Updating blocks of object 9/7. (15466)
Updating blocks of object 9/100. (15466)
BI Encryption has been disabled for database t1demo. (12490)
Encryption Feature has been disabled for database t1demo. (12490)
The BI file is being automatically truncated. (1526)
By decrypting your data before disabling encryption, you can control the impact of the update to normal database processing.