Try OpenEdge Now
skip to main content
Core Business Services - Security and Auditing
Transparent Data Encryption : Configuring Transparent Data Encryption policies : Encrypting your existing data : EPOLICY MANAGE UPDATE example
 
EPOLICY MANAGE UPDATE example
In the following example, an encryption policy is set for the Type I area DataArea101. The normal course of updating records encrypts some of the blocks, and then EPOLICY MANAGE UPDATE completes the encryption. EPOLICY SCAN is used to verify that your data is becoming encrypted, and to check on the progress of the encryption. Execution of the EPOLICY commands requires database administrator and key store admin privileges. The general process is as follows:
1. Create an encryption policy for the area:
proenv>proutil t1demo -C epolicy manage area encrypt "DataArea101"
OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009
Encryption policy setting for Area DataArea101 in Area 101
Cipher specification setting to AES_CBC_128 completed.
2. Check the status of the area with EPOLICY SCAN:
proenv>proutil t1demo -C epolicy scan area "DataArea101"
OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009
AREA DataArea101 / 101 CURRENT AES_CBC_128 V:0 1 of 627 blocks encrypted
Observe that at this point, only one block is encrypted.
3. Allow normal database processing to proceed and re-check the progress of encryption with EPOLICY SCAN:
proenv>proutil t1demo -C epolicy scan area "DataArea101"
OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009
AREA DataArea101 / 101 CURRENT AES_CBC_128 V:0 200 of 627 blocks encrypted
At this point, 200 blocks have been encrypted.
4. Encrypt the remaining blocks in the area with EPOLICY MANAGE UPDATE:
proenv>proutil t1demo -C epolicy manage area update "DataArea101"
OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009
AREA DataArea101 / 101 CURRENT AES_CBC_128 V:0 427 of 627 blocks encrypted
MANAGE AREA UPDATE reports encrypting the remaining 427 blocks of the area that were not previously encrypted.
5. Confirm that all the blocks in the area are encrypted with an additional run of EPOLICY SCAN:
proenv>proutil t1demo -C epolicy scan area "DataArea101"
OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009
AREA DataArea101 / 101 CURRENT AES_CBC_128 V:0 627 of 627 blocks encrypted
All the data in the area is now encrypted.