Learn about Security and Auditing

EPOLICY MANAGE UPDATE example

Save PDF

EPOLICY MANAGE UPDATE example

Save PDF

Last Updated: March 30, 2020
1 minute read

OpenEdge
Version 12.2
Documentation

In the following example, an encryption policy is set for the Type I area DataArea101. The normal course of updating records encrypts some of the blocks, and then EPOLICY MANAGE UPDATE completes the encryption. EPOLICY SCAN is used to verify that your data is becoming encrypted, and to check on the progress of the encryption. Execution of the EPOLICY commands requires database administrator and keystore admin privileges. The general process is as follows:

Create an encryption policy for the area:

`proenv>proutil t1demo -C epolicy manage area encrypt "DataArea101" OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009 Encryption policy setting for Area DataArea101 in Area 101 Cipher specification setting to AES_CBC_128 completed.`

proenv>proutil t1demo -C epolicy manage area encrypt "DataArea101"
OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009
Encryption policy setting for Area DataArea101 in Area 101
Cipher specification setting to AES_CBC_128 completed.

Check the status of the area with EPOLICY SCAN:


`proenv>proutil t1demo -C epolicy scan area "DataArea101" OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009 AREA DataArea101 / 101 CURRENT AES_CBC_128 V:0 1 of 627 blocks encrypted`

Observe that at this point, only one block is encrypted.

Allow normal database processing to proceed and re-check the progress of encryption with EPOLICY SCAN:


`proenv>proutil t1demo -C epolicy scan area "DataArea101" OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009 AREA DataArea101 / 101 CURRENT AES_CBC_128 V:0 200 of 627 blocks encrypted`

At this point, 200 blocks have been encrypted.

Encrypt the remaining blocks in the area with EPOLICY MANAGE UPDATE:

`proenv>proutil t1demo -C epolicy manage area update "DataArea101" OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009 AREA DataArea101 / 101 CURRENT AES_CBC_128 V:0 427 of 627 blocks encrypted`

proenv>proutil t1demo -C epolicy manage area update "DataArea101"
OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009
AREA     DataArea101 / 101  CURRENT   AES_CBC_128  V:0   427 of 627 blocks encrypted

MANAGE AREA UPDATE reports encrypting the remaining 427 blocks of the area that were not previously encrypted.

Confirm that all the blocks in the area are encrypted with an additional run of EPOLICY SCAN:


`proenv>proutil t1demo -C epolicy scan area "DataArea101" OpenEdge Release 10.2B1P as of Fri Nov 20 19:01:52 EST 2009 AREA DataArea101 / 101 CURRENT AES_CBC_128 V:0 627 of 627 blocks encrypted`

All the data in the area is now encrypted.