Manage the OpenEdge Database

Disable encryption

Save PDF

Disable encryption

Save PDF

Last Updated: February 11, 2026
2 minute read

OpenEdge
Version 13.0
Documentation

If you determine that you no longer need your database encrypted, you can disable encryption with the PROUTIL DISABLEENCRYPTION command.

This command also disables flexible DB policy management, if enabled.

The basic syntax is:


`proutil dbname -C disableencryption`

Disabling encryption decrypts all the data in your database, removes all the encryption policies, and archives your key store (by renaming it to dbname.ksbk).

If you have a large number of encrypted database objects, you might want to control the decryption of your data before running the DISABLEENCRYPTION command. To decrypt your data, update the encryption policy to the NULL cipher.

Note: The EPOLICY SCAN and

EPOLICY
            MANAGE

commands do not support Type II areas. If you run the commands against a Type II area, you receive the following errors:

ERROR - Epolicy update of a Type II storage area is not valid. (15323)

ERROR - Area level encryption actions are only valid for Type I storage areas. (15505)

To decrypt data, take the following steps:

Verify that the object is encrypted with EPOLICY SCAN with the following syntax:
proutil dbname -C epolicy scan area "area-name"
The current cipher and the number of encrypted blocks are displayed. For example:
AREA example-area / 101 CURRENT AES_CBC_128 V:1 627 of 627 blocks encrypted
Change the encryption policy cipher to the NULL cipher (cipher 0).
proutil dbname -C epolicy manage area cipher "area-name" -Cipher 0
You receive a message confirming that the cipher change is complete.

Re-confirm the policy change with EPOLICY SCAN.

proutil dbname -C epolicy scan area "area-name"

The current and previous encryption information for the specified area are displayed. For example:

AREA     example-area / 101  CURRENT   NULL_NULL_NULL  V:2   1 of 627 blocks encrypted
AREA     example-area / 101  PREVIOUS  AES_CBC_128  V:1   626 of 627 blocks encrypted

Update all the blocks to the NULL cipher policy with EPOLICY MANAGE UPDATE.
proutil dbname -C epolicy manage area update "area-name"
You do not receive a message confirming the update. You confirm the change in the next step.
Confirm that the object is decrypted and the policy deleted with EPOLICY SCAN, as you did in step 1:
proutil dbname -C epolicy scan area "area-name"
You receive a message confirming that no encryption policy exists for the specified object.

Use the following syntax to disable encryption:

proutil dbname -C disableencryption

You receive a confirmation message similar to the following:

OpenEdge Release 12
Updating blocks of object 9/7. (15466)
Updating blocks of object 9/100. (15466)
BI Encryption has been disabled for database example-database. (12490)
Encryption Feature has been disabled for database example-area. (12490)
The BI file is being automatically truncated. (1526)

By decrypting your data before disabling encryption, you can control the impact of the update to normal database processing.