Database Administration

Overview

Controlling access to private data while "at rest," that is, stored on disk inside your database, is the core of OpenEdge Transparent Data Encryption. OpenEdge combines a choice of cipher algorithms and encryption key lengths, secure storage of encryption keys, and user access controls on those keys to ensure that your data's encryption cannot be reversed by anyone other than those granted access.
Each encrypted database has a single, unique Database Master Key (DMK). The DMK is created and managed by your database administrator, and stored in your database key store, which is separate from your database. Your key store is an independent and secure entity that provides secure storage of data encryption keys and controls access in the form of user accounts.
Encryption of your database objects is managed through encryption policies. You define which objects are encrypted and the encryption cipher for the object. Policies are stored in your database in a designated Encryption Policy Area. Object policies use virtual data encryption keys derived from your DMK and the specified cipher. The encryption key for each encrypted database object is unique.
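The key hierarchy described above, as an added sketch that is not OpenEdge code: it derives a distinct key per object from one master key and the policy's cipher. HKDF-SHA256 is an assumed stand-in, since this page does not state which derivation OpenEdge uses, and the cipher names, key lengths and object names are constructed.

```python
import hashlib
import hmac
import os

# Constructed cipher table: name -> key length in bytes (not OpenEdge's cipher list).
CIPHER_KEY_BYTES = {"aes-128": 16, "aes-256": 32}


def hkdf_sha256(master_key: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with an all-zero salt."""
    prk = hmac.new(b"\x00" * 32, master_key, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_object_key(dmk: bytes, object_id: str, cipher: str) -> bytes:
    """Derive one object's key from the master key, the object's identity and its cipher."""
    if cipher not in CIPHER_KEY_BYTES:
        raise ValueError(f"unsupported cipher: {cipher}")
    if len(dmk) < 16:
        raise ValueError("master key too short")
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot produce the same info.
    info = b"".join(len(p).to_bytes(2, "big") + p
                    for p in (object_id.encode(), cipher.encode()))
    return hkdf_sha256(dmk, info, CIPHER_KEY_BYTES[cipher])


def build_policy_keys(dmk: bytes, policies: dict) -> dict:
    """Map each policy entry (object -> cipher) to its derived key."""
    return {obj: derive_object_key(dmk, obj, cipher) for obj, cipher in policies.items()}


if __name__ == "__main__":
    dmk = os.urandom(32)  # constructed master key; a real one stays in the key store
    policies = {"PUB.Customer": "aes-256", "PUB.Order": "aes-128"}  # constructed policies
    for obj, key in build_policy_keys(dmk, policies).items():
        print(obj, len(key) * 8, "bit key", key.hex()[:16] + "...")
```

Because only the master key is secret input, nothing per-object has to be stored beside the policy: the same master key, object and cipher always reproduce the same key, and losing the master key loses every derived key with it.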
For an in-depth discussion of the concepts surrounding Transparent Data Encryption, see OpenEdge Getting Started: Core Business Services - Security and Auditing.
* Before you start
* What is encryptable
* Data considerations
* Database key store
* OpenEdge supported ciphers