If you enable TDE DB policy management for a database and want to use that database with a prior release of OpenEdge, you must first disable TDE DB policy management.

  1. If there is any encrypted object associated with the previous encryption DB policy, you must retire the previous policy before you can disable management.
    To find objects with encryption policies on the previous encryption DB policy, use:
    proutil epolicy view [table | index | lob | area
    For details, see PROUTIL EPOLICY VIEW qualifier.
  2. Update each object associated with the previous encryption DB policy: 
    proutil epolicy manage update [table | index | lob | area
    For details, see PROUTIL EPOLICY MANAGE qualifier.
  3. Retire the previous encryption DB policy: 
    proutil epolicy manage dbpolicy retire
  4. Use this command to disable encryption DB policy management: 
    proutil db-name -C disableTDEDBPolicyManagement
    For details, see PROUTIL DISABLETDEDBPOLICYMANAGEMENT qualifier.
    Note:
    Before disablement, OpenEdge saves a backup of the key store file dbname.ks to dbname.ksbk.processId.timestamp, for example: 
    Saved the keystore file to "testdb.ksbk.29669.Wed_Dec_30_09_07_08_2021".

    If the disablement fails after the key store changes, restore the key store file by copying the backup file to db-name.ks.

    After disablement completes, all encryption policies and the key store revert to the previous OpenEdge release format.