Kbase P150406: Quick Guide to enabling Transparent Data Encryption
Author: Progress Software Corporation - Progress
Access: Public
Published: 12/28/2009
Status: Verified
GOAL:
Quick Guide to enabling Transparent Data Encryption (TDE)
FACT(s) (Environment):
All Supported Operating Systems
OpenEdge 10.2B
FIX:
Sample steps for setting up Transparent Data Encryption (TDE). This walkthrough does not cover every TDE function, only the limited set needed to allow some testing to be performed.
1) prodb sports2000
2) create encrypt.st
echo e "Encryption Policy Area":13,32;64 . f 1024>encrypt.st
echo e "Encryption Policy Area":13,32;64 .>>encrypt.st
This area uses a new area type "e" for the Encryption Policy.
3) prostrct add sports2000 encrypt.st
4) proutil sports2000 -C enableencryption
A prompt will appear for two pass phrases
5) Now that encryption is enabled, adding further areas requires an extra option on the prostrct command:
echo d "TypeIIEncryptedArea":14,32;64 .>>encrypt2.st
prostrct add sports2000 encrypt2.st -passphrase
6) To encrypt a Type I area (Type I areas can only be encrypted for the entire area, not at the object level):
proutil sports2000 -C epolicy manage area encrypt "Cust_Data" -Passphrase
This does not encrypt the existing data; data is encrypted only when it is next updated.
Encrypting it in place requires an operation that updates the data, such as this command:
proutil sports2000 -C epolicy manage area update "Cust_Data" -Passphrase
7) To move the data to the area created in step 5 (this will transform it back to unencrypted data since the area is not encrypted):
proutil sports2000 -C tablemove Pub.customer "TypeIIEncryptedArea" "TypeIIEncryptedArea"
8) To re-encrypt the individual table (since Type II areas cannot be encrypted at the area level):
proutil sports2000 -C epolicy manage table encrypt "pub.customer" -Cipher 4 -Passphrase
A prompt will appear for the passphrase.
A prompt will appear asking you to acknowledge that this will unencrypt the data, since the area "TypeIIEncryptedArea" has not been configured for encryption yet.
9) To encrypt the customer table in its new area requires two steps:
proutil sports2000 -C epolicy manage table encrypt "pub.customer" -Cipher 4 -Passphrase
proutil sports2000 -C epolicy manage table update "pub.customer" -Passphrase
10) To encrypt the area which contains the customer index:
proutil sports2000 -C epolicy manage area encrypt "Cust_Index" -Passphrase
proutil sports2000 -C epolicy manage area update "Cust_Index" -Passphrase
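
Added example (not part of the original Kbase entry or Progress code): a small Python helper that reads structure-file lines like those in steps 2 and 5, works out whether each area is Type I (area-level encryption, step 6) or Type II (object-level encryption, steps 8 and 9), and builds the matching epolicy command pair. The function names, the Cust_Data line and its area number are assumptions made for illustration.

```python
import re

# <type> "<name>":<area#>[,<records/block>][;<blocks/cluster>] <path> [f|v <size>]
ST_LINE = re.compile(
    r'^(?P<type>[de])\s+"(?P<name>[^"]+)":(?P<num>\d+)'
    r'(?:,\d+)?(?:;(?P<cluster>\d+))?\s+\S+(?:\s+[fv]\s+\d+)?\s*$')

# Constructed sample: the "e" and TypeIIEncryptedArea lines are from steps 2 and 5;
# the Cust_Data and "b" lines are assumed for illustration.
SAMPLE_ST = '''\
e "Encryption Policy Area":13,32;64 . f 1024
e "Encryption Policy Area":13,32;64 .
d "TypeIIEncryptedArea":14,32;64 .
d "Cust_Data":9,32;1 .
b .
'''

def parse_areas(st_text):
    """Map area name -> {'type', 'cluster'}; extra extents of an area are merged."""
    areas = {}
    for raw in st_text.splitlines():
        line = raw.strip()
        if not line or line[0] not in "de":   # skip blanks, comments, b/a/t extents
            continue
        m = ST_LINE.match(line)
        if m is None:
            raise ValueError("unrecognised structure line: " + raw)
        areas.setdefault(m["name"], {"type": m["type"],
                                     "cluster": int(m["cluster"] or 1)})
    return areas

def granularity(area):
    """'policy' for the type "e" area, 'object' for Type II, 'area' for Type I."""
    if area["type"] == "e":
        return "policy"
    # OpenEdge treats 8, 64 or 512 blocks per cluster as Type II, otherwise Type I
    return "object" if area["cluster"] in (8, 64, 512) else "area"

def plan(db, area_name, area, tables=()):
    """Return the epolicy commands (forms taken from steps 6 and 9) for one area."""
    kind = granularity(area)
    if kind == "area":
        return [f'proutil {db} -C epolicy manage area {verb} "{area_name}" -Passphrase'
                for verb in ("encrypt", "update")]
    if kind == "object":
        cmds = []
        for t in tables:
            cmds.append(f'proutil {db} -C epolicy manage table encrypt "{t}" -Cipher 4 -Passphrase')
            cmds.append(f'proutil {db} -C epolicy manage table update "{t}" -Passphrase')
        return cmds
    return []   # no commands are planned for the policy area itself
```

Each planned pair is an "encrypt" (set the policy) followed by an "update" (rewrite existing data), which is the distinction steps 6 and 9 draw between marking an object for encryption and encrypting the data already stored.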