Try OpenEdge Now
skip to main content
Database Administration
Reference : PROUTIL Utility : PROUTIL ENABLEENCRYPTION qualifier


Enables your database for transparent data encryption.


proutil db-name -C enableencryption
       [-Cipher cipher-number][-Autostart{admin | user}]       
[-biencryption enable|disable ][-aiencryption enable|disable]
       [-Passphrase][[-userid userid][-password password]]


Name of the database where you are enabling encryption.
-Cipher cipher-number
Specifies the database master policy cipher. If not specified, cipher 1, "AES_CBC_128" is used by default. See PROUTIL EPOLICY INFO qualifier for a list of the supported ciphers and their corresponding ID numbers.
-Autostart {admin | user}
Specifies that you will allow your database to autostart authentication to the key store by the specified key store account. If not specified, the database is set to manual startup. Manual startup requires that the user enter the passphrase to authenticate the key store every time the database is opened (by servers, clients, and utilities).
-biencryption enable|disable
Specifies whether your BI is encrypted or not. If not specified, BI encryption is enabled.
-aiencryption enable|disable
Specifies whether your AI is encrypted or not. If not specified, AI encryption is enabled.
Specifies that the user must be prompted for a passphrase to authenticate the key store, prior to executing this command.
-userid userid -password password
Specifies the userid and password of an authenticated database administrator.
Successful execution of ENABLEENCRYPTION creates the database key store and makes the database ready for the creation of encryption policies. Nodata is encrypted by running this command.
The first time ENABLEENCRYPTION is run, you are prompted for several passphrases:
1. The key store administrator passphrase (required).
2. The key store user passphrase (optional).
3. The PBE passphrase for creating the database master key (required if -Cipher 6 specifies that the default cipher is DEC_CBC_PBE).
Passphrases must conform to the constraints described in the table below.
Table 98. Passphrase constraints
Minimum number of characters
Maximum number of characters
Minimum number of numeric characters
Minimum number of alpha characters
Minimum number of punctuation characters
Character set
First character
(see Character set)
Mixed case alpha required
Case sensitive


*After successfully enabling your database for encryption, you can run the ENABLEENCRYPTION command again, only for the purpose of changing the status of AI and BI encryption.
*To change settings other than AI and BI encryption, use the PROUTIL EPOLICY MANAGE command. See PROUTIL EPOLICY MANAGE qualifier for command syntax and details.
*If after-imaging is enabled, ENABLEENCRYPTION causes and extent switch.