Encryption context setup

Administrators can create an encryption context that uses an encryption key.

About this task

Your instance can generate an encryption key, or you can generate your own key with a certificate authority. See your certificate authority documentation for information on creating an encryption key.

Procedure

  1. Navigate to System Security > Encryption Contexts.
  2. Click New.
  3. Enter the following:
    • Name: enter the text users see when selecting an encryption context.
    • Encryption key: do not change this field if you want the instance to randomly generate a key. Otherwise, enter the desired key (exactly 24 characters for Triple DES, exactly 16 characters for AES 128-bit, or 32 characters for AES 256-bit).
      Warning: You cannot retrieve this key from the instance, so save it elsewhere before clicking Submit if you will need it.
    • Type: select AES 128-bit for Advanced Encryption Standard, Triple DES for Triple Data Encryption Standard, or AES 256-bit if your system is configured for it.
  4. Click Submit.

    The encryption key itself is encrypted with a key that is stored in the program, not in the database. This prevents other users from copying the key and using it to decrypt data.

  5. Navigate to System Security > Roles and open the role to associate with the encryption context.
  6. Configure the Roles form to add the Encryption context field.
  7. Select the encryption context to associate with the role (there can be only one encryption context per role).
  8. Click Update.

    Users must log out of the instance and log in again to use the encryption context.
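
The key lengths in step 3 can be checked before a key is typed into the form. The Python script below is an added example, not part of the product or its documentation: it generates a key of the required length from the operating system's CSPRNG, checks a candidate key, and writes it to an owner-only file, since the instance will not return it. The function names, the letters-and-digits alphabet, and treating all three lengths as exact are assumptions of this example.

```python
import math
import os
import secrets
import string

# Required key length in characters per Type, as listed in step 3.
KEY_LENGTHS = {"Triple DES": 24, "AES 128-bit": 16, "AES 256-bit": 32}

# Assumption: letters and digits only, so each character is one byte and
# nothing is altered by copy/paste into the form field.
ALPHABET = string.ascii_letters + string.digits


def generate_key(enc_type):
    """Return a random key of exactly the length the Type requires."""
    return "".join(secrets.choice(ALPHABET) for _ in range(KEY_LENGTHS[enc_type]))


def entropy_bits(enc_type):
    """Entropy of a generated key: length * log2(alphabet size)."""
    return KEY_LENGTHS[enc_type] * math.log2(len(ALPHABET))


def check_key(enc_type, key):
    """Return a list of problems with a key; an empty list means it fits."""
    if enc_type not in KEY_LENGTHS:
        return [f"unknown type {enc_type!r}"]
    problems = []
    expected = KEY_LENGTHS[enc_type]
    if len(key) != expected:
        problems.append(f"{len(key)} characters, need exactly {expected}")
    if len(key.encode("utf-8")) != len(key):
        problems.append("contains multi-byte characters")
    if key != key.strip():
        problems.append("leading or trailing whitespace")
    return problems


def save_key(path, key):
    """Write the key to a new owner-only file; refuses to overwrite."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(key)


if __name__ == "__main__":
    for enc_type in KEY_LENGTHS:
        key = generate_key(enc_type)
        assert check_key(enc_type, key) == []
        print(f"{enc_type}: {len(key)} chars, ~{entropy_bits(enc_type):.0f} bits")
```

A key restricted to typed characters carries less entropy than its length suggests: 16 letters and digits hold about 95 bits, and 32 hold about 191.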