How to use Transparent Data Encryption? - Forum - OpenEdge General - Progress Community

How to use Transparent Data Encryption?

 Forum

How to use Transparent Data Encryption?

This question is not answered

EDIT Current Problem: A licensing issue. When I try to run "proutil C:/sports2000/sports2000 -C enableencryption", I receive the error message "Installation is not licensed for transparent data encryption (17112)". However, I've checked, and my license is an Open Edge Developer's Kit Corporate Edition so I should be licensed for dev builds of TDE right, under the Advanced Enterprise Database part of the features? Any idea why this isn't working?

Original Problem: I've found lots of pdfs and webpages talking about the features of it but found nothing on how to actually use it! Well, there is this article https://knowledgebase.progress.com/articles/Article/P150406 but I was hoping for something more GUI based so it would be easier to manage. Is there any documentation on this? I can't find it. There's a control in Data Administration Admin/Security called "Encryption Policies" but this is greyed out. Is this to do with TDE or is this another, older kind of encryption?

Thanks.

All Replies
  • First off if you're a DBA that likes a GUI switch to MS-SQL; ChUI for the win!

    It's easy enough to setup, what you want to read is the Database Administration guide chapter 10

    community.progress.com/.../2911.openedge-11-7-product-documentation

    ---------------

    Mare sure the follow AREA exists, must have exact area name: addenc.st

    e "Encryption Policy Area":15,32;64 ./data6/trans_15.d1

    prostrct add trans addenc.st

    proutil trans -C enableencryption -Cipher 3 -Autostart admin

    Admin Password:  *************

    User Password:   *************

    proutil trans -C enableencryption -Cipher 3 -Autostart admin

    OpenEdge Release 11.6.1 as of Fri Feb 19 18:20:45 EST 2016

    Area Encryption Policy Area/93 contains Encryption Schema (17287)

    Cipher specification being set to AES_CBC_256 (15422)

    Autostart option has been selected. (15424)

    Key store administrator passphrase [required]:

    Please Retype your Passphrase for Verification

    Key store administrator passphrase [required]:

    Key store user passphrase [optional]:

    Please Retype your Passphrase for Verification

    Key store user passphrase [optional]:

    The BI file is being automatically truncated. (1526)

    BI encryption enabled successfully. (15204)

    Encryption has been successfully enabled.

    Keep the following somewhere safe but not with the DB backup

    New file   trans.ks

    BI/AI should be encrypted

    proutil trans -C enableencryption -biencryption enable

    proutil dbname -C enableencryption -aiencryption enable

    rfutil dbname -C aimage begin -aiencryption enable

    ** DB already enabled for encyption

    proutil trans -C epolicy manage table encrypt address

    OpenEdge Release 11.6.1 as of Fri Feb 19 18:20:45 EST 2016

    Encryption policy setting for Table address in Area 10. (15629)

    Cipher specification setting to AES_CBC_128 completed. (15491)

    ### Always best scan; need to make sure the data was encrypted; the following shows it's still in the middle of being updated

    proutil trans -C epolicy scan table address

    OpenEdge Release 11.6.1 as of Fri Feb 19 18:20:45 EST 2016

    TABLE    address / 1  CURRENT   AES_CBC_128  V:0    7 of 8 blocks encrypted

  • Hi Jonathan, sorry but I live in the 21st century and expect a good GUI now and then! :P. This explanation, and the articles are incredibly useful, it can be really hard to find the right part of the Open Edge documentation! Thanks a lot for your help.

    A problem I'm having at the moment is a licensing issue. When I try to run "proutil C:/sports2000/sports2000 -C enableencryption", I receive the error message "Installation is not licensed for transparent data encryption (17112)". However, I've checked, and my license is an Open Edge Developer's Kit Corporate Edition so I should be licensed for dev builds of TDE right, under the Advanced Enterprise Database part of the features? Any idea why this isn't working?

  • GUI <> "easier to manage".  GUI is what you get when marketing is in charge.

    Command line interfaces are scriptable, repeatable and scalable.  They're all the rage with the full stack dev ops kids these days.

    --
    Tom Bascom
    tom@wss.com

  • Check out these two documents on communities:

    community.progress.com/.../790.transparent-database-encryption-quick-start

    community.progress.com/.../789.transparent-database-encryption-frequently-asked-questions

  • If you continue to experience a licensing issue, your best bet is to contact Progress Technical Support for assistance.