Try OpenEdge Now
skip to main content
Database Administration
Protecting Your Data : Transparent Data Encryption : Enabling Encryption : Running ENABLEENCRYPTION
 
Running ENABLEENCRYPTION
One command enables your database for transparent data encryption. The basic syntax for enabling encryption is:
proutil dbname -C enableencryption [-Cipher cipher-num]
            [-Autostart {user|admin}]
Enabling encryption performs the following tasks on your database:
*The database BI is truncated if the database is offline and the BI is not already truncated.
*The schema for encryption policy area is loaded.
*New audit events for encryption are loaded.
*The OpenEdge key store is created, and the key store creates and stores the database master key. The key store is named, dbname.ks, and is stored in the same directory as your dbname.db file.
*The master database security record is created in the encryption policies.
*A UUID for the database is set, if not already set.
*Encryption keys are generated for encrypting the database AI and BI files (unless explicitly turned off).
*Autostart is configured for the key store, if requested.
*You are prompted for passphrases:
*The key store admin passphrase is required.
*The key store user passphrase is optional.
*The PBE passphrase is mandatory if you specify the PBE cipher for your key store (-Cipher 6).
By default, PROUTIL ENABLEENCRYPTION indicates that all future AI and BI notes are encrypted. If after-imaging is enabled, enabling encryption results in an extent switch. If you enable encryption while your database is online, BI notes are not encrypted; see Enabling BI file encryption after enabling encryption for instructions on enabling your BI files for encryption. Existing AI and BI files are not encrypted; enabling encryption essentially sets an indicator for future writes. See PROUTIL ENABLEENCRYPTION qualifier for the complete syntax.