The following steps must be followed to enable encryption in a database. Note that these steps do not encrypt any of the employee data.
1. On the database server, create two new folders to hold the database encryption keys. These folders must be secured from outside access, and only accessible by the database processes and the system administrator. These folders must also be backed up as part of any database backup. One folder will be known as the KEY_DIR - that holds the current active key and the KEYBACKUP_DIR which will hold all keys ever created and the files will be named with a timestamp of when they were created. Key files are also encrypted.
2. Do not allow other connection to the database while you are applying the initial encryption install. This may be as simple as taking your ePersonality application server connections down.
3. Connect with SQL as the P2K user
4. Execute the script DB_ENCRYPTION_INSTALL
- Once launched, the script will prompt the user for the two folder locations on the database server (created in step 1 above)
- The first folder (KEY_DIR) will contain the encryption key
- The second folder (KEYBACKUP_DIR) will contain any backup keys
- These folders MUST already exist and be accessible by the database.
- If the folders do not exist or are not accessible you will get a message stating, ORA-20000: Invalid File Operation - directories may not exist or be accessible
5. Execution of UMCE
- The script will create an execution for UMCE, and will show the execution number.
- UMCE will also create encrypted key files in the KEY_DIR and KEYBACKUP_DIR folders
- UMCE will encrypt user and role passwords on the P2K_AM_USERS and P2K_AM_ROLES tables
6. Execute the PRINT_TRACE script
- You will be prompted for the execution ID, which was reported to you in step 5.
7. Check the ENCRYPTION_INSTALL.log file for any errors and resolve.
8. Restart the system and sign on to validate access. You may now use the IMCE Screen to turn on encryption for any of the supported columns.
Notes#
Click to create a new notes pageScreen captures are meant to be indicative of the concept being presented and may not reflect the current screen design.
If you have any comments or questions please email the Wiki Editor
All content © High Line Corporation