One command enables your database for transparent data encryption. The basic syntax for enabling encryption is:

proutil dbname -C enableencryption [-Cipher cipher-num] 
            [-Autostart {user|admin}]

Enabling encryption performs the following tasks on your database:

• The database BI is truncated if the database is offline and the BI is not already truncated.
• The schema for encryption policy area is loaded.
• New audit events for encryption are loaded.
• The OpenEdge key store is created, and the key store creates and stores the database master key. The key store is named, dbname.ks, and is stored in the same directory as your dbname.db file.
• The master database security record is created in the encryption policies.
• A UUID for the database is set, if not already set.
• Encryption keys are generated for encrypting the database AI and BI files (unless explicitly turned off).
• Autostart is configured for the key store, if requested.
• You are prompted for passphrases:
  • The key store admin passphrase is required.
  • The key store user passphrase is optional.
  • The PBE passphrase is mandatory if you specify the PBE cipher for your key store (-Cipher 11 or -Cipher 12; -Cipher 11 specifies that the default cipher is AES128_CBC_PBE. -Cipher 12 specifies that the default cipher is AES256_CBC_PBE).

By default, PROUTIL ENABLEENCRYPTION indicates that all future AI and BI notes are encrypted. If after-imaging is enabled, enabling encryption results in an extent switch. If you enable encryption while your database is online, BI notes are not encrypted; see Enabling BI file encryption after enabling encryption for instructions on enabling your BI files for encryption. Existing AI and BI files are not encrypted; enabling encryption essentially sets an indicator for future writes. See PROUTIL ENABLEENCRYPTION qualifier for the complete syntax.