Creating encryption policies with PROUTIL EPOLICY

Core Business Services - Security and Auditing

Transparent Data Encryption : Configuring Transparent Data Encryption policies : Creating encryption policies : Creating encryption policies with PROUTIL EPOLICY

The PROUTIL EPOLICY MANAGE command creates encryption policies for Type I areas and for objects in Type II areas. PROUTIL EPOLICY MANAGE requires database administrator and key store admin privileges. The basic syntax for creating an encryption policy is:

proutil db-name -C epolicy manage object-type encryptobject-name

OpenEdge supports the object ciphers described in the following table:

Table 13. Object ciphers
ID	Cipher	Mode	Size	Key type
0	NULL	NULL	—	—
1	AES	CBC	128	binary
2	AES	CBC	192	binary
3	AES	CBC	256	binary
4	DES	CBC	56	binary
5	DES3	CBC	168	binary
7	RC4	ECB	128	binary

The object-type is one of the following: area, index, lob, or table, and the object-name is the name of the object, in quotes, if necessary.

For example, the following command creates an encryption policy with the default cipher on a Type I area named DataArea100 in a database named t1demo:

proenv>proutil t1demo -C epolicy manage area encrypt "DataArea100"
OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009
Encryption policy setting for Area DataArea100 in Area 100
Cipher specification setting to AES_CBC_128 completed.

See OpenEdge Data Management: Database Administration for the complete syntax of EPOLICY MANAGE.