To create a new active or pending encryption DB policy, you must retire the previous encryption DB policy.

To retire an encryption DB policy, use the following PROUTIL EPOLICY MANAGE utility syntax:

proutil db-name -C epolicy manage dbpolicy retire

If you enable encryption DB policy management for an OpenEdge database and later want to use that database with a prior release of OpenEdge, you must first disable encryption DB policy management. If there is any encrypted object associated with the previous encryption DB policy, you must retire the previous policy before you can disable encryption DB policy management.

Before you retire an encryption DB policy, check the states of existing policies. Use a PROUTIL EPOLICY VIEW command to view encryption DB policy states, for example: 

PROUTIL sports2020 -C epolicy view dbpolicy
Encryption DB policy: CURRENT  V:2 AES_CBC_192 
Encryption DB policy: PREVIOUS V:1 AES_CBC_128

The command found two policies: current and previous.

Note: You may also use PROUTIL EPOLICY SCAN, which is slower than PROUTIL EPOLICY VIEW, to find out how many blocks are using the previous policy.

If a previous encryption DB policy exists when you retire an encryption DB policy, the retire operation checks all existing object policies. If no object policy is found using the previous encryption DB policy, the operation retires the encryption DB policy.

This example command retires the encryption DB policy for a sports2020 database:

PROUTIL sports2020 -C epolicy manage dbpolicy retire

If a pending encryption DB policy exists, the utility prompts you to delete the pending policy.

For details about RETIRE syntax, see PROUTIL EPOLICY MANAGE qualifier.