Difference: APPXIODataEncryption (1 vs. 13)

Revision 132012-04-05 - BredaHennessy

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"
Deleted:
<
<
 

APPXIO Data Encryption

Effective with Release 5.0.0, the APPX Utility includes an option to encrypt APPXIO data files.
Line: 107 to 106
 
  1. Fixed length consecutive APPXIO files cannot be encrypted.  Variable length consecutive APPXIO files may be encrypted.

Enhancement Suggestions:

  1. If data is encrypted, a warning should be presented to the user prior to generating a new encryption key, or changing the System Parameter Pass Phrase. This could help prevent unintended data loss.
Changed:
<
<
  1. When importing data into an newly encrypted state, we should either delete the PORTDATA or warn the user that the PORTDATA is unencrypted.
>
>
  1. When importing data into a newly encrypted state, we should either delete the PORTDATA or warn the user that the PORTDATA is unencrypted.
 
  1. When exported from an encrypted state to an unencrypted state, we should warn the user that the exported data is unencrypted.

Comments:

Read what other users have said about this page or add your own comments.

Revision 122008-09-25 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPXIO Data Encryption

Line: 105 to 105
 

Limitations:

  1. One-record APPXIO files cannot be encrypted.
  2. Fixed length consecutive APPXIO files cannot be encrypted.  Variable length consecutive APPXIO files may be encrypted.
Changed:
<
<

Suggested Enhancements:

>
>

Enhancement Suggestions:

 
  1. If data is encrypted, a warning should be presented to the user prior to generating a new encryption key, or changing the System Parameter Pass Phrase. This could help prevent unintended data loss.
  2. When importing data into an newly encrypted state, we should either delete the PORTDATA or warn the user that the PORTDATA is unencrypted.
  3. When exported from an encrypted state to an unencrypted state, we should warn the user that the exported data is unencrypted.

Revision 112008-09-23 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPXIO Data Encryption

Line: 42 to 42
 
  1. Make sure that no users are accessing the system  Do not attempt to change the system Encryption Passphrase while other users are accessing the system.
  2. Export all of the encrypted APPXIO data files in all APPX databases.  The Export utility on the Database Management menu should be used to export the encrypted APPXIO data files.
  3. Use the System Parameters maintenance process in System Administration to change the system Encryption Passphrase.  The Set/Change Passphrase screen includes a report that can be run to obtain a list of all FMS groups and files which have been encrypted.  Use this list to verify that you have exported all of the encrypted files.
Changed:
<
<
  1. Change all of the encryption keys that have been entered for individual files and for FMS groups.
  2. Import all of the APPXIO data files that you exported in step 2.  Be sure to specify the "Replace" option for the data import.
>
>
  1. Change all of the encryption keys that have been entered for individual files and for FMS groups in all databases.
  2. Import all of the APPXIO data files in all APPX databases that you exported in step 2.  Be sure to specify the "Replace" option for the data import.
 

Enter/Edit File Encryption Keys

Changed:
<
<		The encryption key for a specific file can be set or changed in Database Management.
>
>		The encryption key for a specific database instance of a file can be set or changed in Database Management.
 
Database Management --> File Specifications --> File Attributes

The same encryption key value can be entered for each file or each file can have its own unique encryption key.  An easy way to ensure that each file has a unique encryption key is to use the Random Key button to automatically generate a random key for the file.  If you choose to enter an encryption key, you should choose "strong" key values just as you would for a password.  This means that your key should not be a common name or word, should include a mixture of letters, numbers, and special characters, and should be more than a few characters in length.

Line: 65 to 65
 FMSGroupEncryptionKey.PNG

How to Create A New Encrypted File

Changed:
<
<		The following steps should be followed to encrypt a new file.
>
>		The following steps should be followed to encrypt a new APPXIO file.
 
  1. If APPXIO file encryption has not already been enabled on your system, first follow the steps for enabling APPXIO file encryption.
Changed:
<
<
  1. Add the file to the data dictionary in your APPX Application.
  2. Enter the appropriate encryption key in the file specifications for the file that you wish to encrypt or assign the file to an FMS group that has an encryption key.
  3. Create the file. 
>
>
  1. Add the new file definition to the data dictionary in your APPX Application.
  2. Enter the appropriate encryption key in the file specifications for each database instance of the file that you wish to encrypt or assign each database instance of the file to an FMS group for which you have entered an encryption key.
  3. Create each database instance of the file. 
 

How to Encrypt an Existing File 

Changed:
<
<		The following steps must be followed to encrypt an existing APPXIO file:
>
>		The following steps should be followed to encrypt an existing APPXIO file:
 
  1. If APPXIO file encryption has not already been enabled on your system, first follow the steps for enabling APPXIO file encryption.
  2. Export the file that is to be encrypted.  If the file has been created in more than one database, you must export each instance of the file that is to be encrypted.
Changed:
<
<
  1. Enter the appropriate encryption key in the file specifications for the file that you wish to encrypt or assign the file to an FMS group that has an encryption key.
  2. Import the file.  Be sure to specify the "Replace" option when importing the file.
>
>
  1. Enter the appropriate encryption key in the file specifications for each database instance of the file that you wish to encrypt or assign each database instance of the file to an FMS group that has an encryption key.
  2. Import the file in each database.  Be sure to specify the "Replace" option when importing each database instance the file.
 

How to Decrypt an Encrypted File

Added:
>
>
  1. Use the Export utility in Database Management to export the encrypted file that is to be decrypted.  If the encrypted file exists in more than one database, you must export each instance of the encrypted file that is to be decrypted.
  2. Remove the encryption key in the file specifications for each database instance of the file that you wish to decrypt.  If the file is assigned to a FMS group that has an encryption key, then you must remove the file from the FMS group or remove the encryption key from the FMS group.  If you need to remove the encryption key from an FMS group, make sure that you exported all of the files that are assigned to the FMS group in step 1 above.
  3. Import each database instance of the file.  Be sure to specify the "Replace" option when importing each database instance the file.
 

Sharing of Encrypted Files

Changed:
<
<		Encrypted files are secure.  If you copy them to another APPX system you will not be able to read them unless you use the same encryption keys that were used on the system that created the file and the same passphrase.
>
>		Encrypted files may be shared and successfully accessed by two or more APPX systems provided the following conditions are all satisfied:
  1. The system Encryption Passphrases are the same on all systems.
  2. The file encryption keys are the same on all systems.
  3. The systems are all registered to the same APPX customer.

If you have more than one APPX system and you do not want to be able to share encrypted files between the systems, then you should use different system Encryption Passphrases and different file encryption keys.

 

Recovery of Corrupted Encrypted Files

Encrypted files which have become corrupted may be recovered by using the "recover" option of the APPX Utility engine.  The recovery process for encrypted files is the same as the recovery process for non-encrypted files.  For additional information on the use of the recover option, you can run:

Line: 91 to 99
 You should keep a record of the system Encryption Passphrase and the Encryption Keys that have been entered in a secure location that can be accessed in the event that you need to reenter the information.  Once entered, the Encryption Passphrase and the Encryption Keys should not be needed again unless you find yourself in a situation where your System Administration files have become corrupted or lost and you cannot restore them from a backup.  You might also need this information to set up an additional APPX server that needs to be able to access encrypted data files that were created on another APPX server.  You will not be able to access your encrypted data files unless you are able to reenter the exact System Passphrase and the exact Encryption Keys that were used to create and process the encrypted data files.

In the unlikely event that you to find yourself in the situation where your encrypted files cannot be accessed because you are unable to correctly enter the necessary System Passphrase and Encryption Keys, you should contact APPX Software, Inc. for assistance with recovering the encrypted data.

Added:
>
>

Application Design Considerations

When an encrypted file is being opened, the APPX File Manager verifies that the system Encryption Passphrase and the encryption key that were used to create the file match the current system Encryption Passphrase and the current encryption key for the file.  If they do not match, the file open will fail.  The system File Status field is also set to "FI_CRYPT" indicating that the open failed because of an encryption mismatch.

 

Limitations:

  1. One-record APPXIO files cannot be encrypted.
  2. Fixed length consecutive APPXIO files cannot be encrypted.  Variable length consecutive APPXIO files may be encrypted.
Changed:
<
<

Issues:

  1. Need to verify that the encrypted passphase and the encrypted keys are being correctly stored in the file header.
  2. Default values can be corrupted in the encryption type field causing the engine to fail to encrypt the data.

Suggested Behavior:

>
>

Suggested Enhancements:

 
  1. If data is encrypted, a warning should be presented to the user prior to generating a new encryption key, or changing the System Parameter Pass Phrase. This could help prevent unintended data loss.
  2. When importing data into an newly encrypted state, we should either delete the PORTDATA or warn the user that the PORTDATA is unencrypted.
  3. When exported from an encrypted state to an unencrypted state, we should warn the user that the exported data is unencrypted.
Deleted:
<
<
  1. System Parameter Passphrase contents should not be displayed. Use asterisk instead.
 

Comments:

Read what other users have said about this page or add your own comments.

Revision 102008-09-23 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPXIO Data Encryption

Line: 7 to 7
 

Overview

Changed:
<
<		Release 5.0.0 or higher of the APPX Utility allows APPXIO data files to be optionally encrypted.  Encrypting data files can provide an added layer of security for sensitive data.  If an encrypted file is opened by any program other than APPX, the encrypted data is unintelligible.  This means that backup copies of encrypted files on tape or disk are also secure since they cannot be deciphered without the appropriate software and encryption keys.  If an encrypted data file is moved to another APPX server, it cannot be deciphered unless the APPX server is configured with the appropriate encryption keys and meets other necessary criteria.
>
>		Release 5.0.0 or higher of the APPX Utility allows APPXIO data files to be optionally encrypted.  Encrypted data files provide an added layer of security for sensitive data.  If an encrypted file is opened by any program other than APPX, the encrypted data is unintelligible.  This means that backup copies of encrypted files on tape or disk are also secure since they cannot be deciphered without the appropriate software and encryption keys.  If an encrypted data file is moved to another APPX server, it cannot be deciphered unless the APPX server is configured with the appropriate encryption keys and meets other necessary criteria.
 

How to Enable APPXIO File Encryption

Line: 18 to 18
  After entering a system Encryption Passphrase, exporting any existing files that are to be encrypted, and entering the appropriate encryption key(s), you must create any new files that are to be encrypted and, if encrypting any existing files, you must import them with the "Replace" option.
Changed:
<
<		So, the steps required to enable encryption of APPXIO data files are:
>
>		So, the basic steps required to enable encryption of APPXIO data files are:
 
  1. Enter a system Encryption Passphrase
  2. Export any existing files that are to be encrypted
  3. Enter the appropriate encryption keys for individual files and FMS groups as appropriate
Line: 43 to 43
 
  1. Export all of the encrypted APPXIO data files in all APPX databases.  The Export utility on the Database Management menu should be used to export the encrypted APPXIO data files.
  2. Use the System Parameters maintenance process in System Administration to change the system Encryption Passphrase.  The Set/Change Passphrase screen includes a report that can be run to obtain a list of all FMS groups and files which have been encrypted.  Use this list to verify that you have exported all of the encrypted files.
  3. Change all of the encryption keys that have been entered for individual files and for FMS groups.
Changed:
<
<
  1. Import all of the APPXIO data files that you exported in step 1.  Be sure to specify the "Replace" option for the data import.
>
>
  1. Import all of the APPXIO data files that you exported in step 2.  Be sure to specify the "Replace" option for the data import.
 

Enter/Edit File Encryption Keys

Line: 74 to 74
 

How to Encrypt an Existing File 

The following steps must be followed to encrypt an existing APPXIO file:

Changed:
<
<
  1. If APPXIO file encryption has not already been enabled on your system, first follow the steps for enabling APPXIO file encryption.
>
>
  1. If APPXIO file encryption has not already been enabled on your system, first follow the steps for enabling APPXIO file encryption.
 
  1. Export the file that is to be encrypted.  If the file has been created in more than one database, you must export each instance of the file that is to be encrypted.
  2. Enter the appropriate encryption key in the file specifications for the file that you wish to encrypt or assign the file to an FMS group that has an encryption key.
  3. Import the file.  Be sure to specify the "Replace" option when importing the file.

Revision 92008-09-23 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPXIO Data Encryption

Line: 8 to 8
 

Overview

Release 5.0.0 or higher of the APPX Utility allows APPXIO data files to be optionally encrypted.  Encrypting data files can provide an added layer of security for sensitive data.  If an encrypted file is opened by any program other than APPX, the encrypted data is unintelligible.  This means that backup copies of encrypted files on tape or disk are also secure since they cannot be deciphered without the appropriate software and encryption keys.  If an encrypted data file is moved to another APPX server, it cannot be deciphered unless the APPX server is configured with the appropriate encryption keys and meets other necessary criteria.

Added:
>
>
 

How to Enable APPXIO File Encryption

Changed:
<
<		The APPXIO file encryption feature is easily enabled by entering a passphrase into the Encryption Passphrase field of the System Parameter Record in APPX System Administration.
>
>		The APPXIO file encryption feature is easily enabled by entering a passphrase into the Encryption Passphrase field of the System Parameter Record in APPX System Administration.
 
Changed:
<
<		Setting the system Encryption Passphrase enables the APPXIO file encryption feature but does not actually cause any files to be encrypted.  To enable encryption of individual files, you must also enter an encryption key into the file specifications for each of the individual files that are to be encrypted or you must enter an encryption key into the FMS group specifications for each group of files that are to be encrypted.
>
>		Setting the system Encryption Passphrase "enables" the APPXIO file encryption feature but does not actually cause any files to be encrypted.  To "enable" encryption of individual files, you must also enter an encryption key into the file specifications for each of the individual files that are to be encrypted or you must enter an encryption key into the FMS group specifications for each group of files that are to be encrypted. However, if any existing files are to be encrypted, they must be exported before you enter any encryption keys.
 
Changed:
<
<		Finally, after entering a system Encryption Passphrase and entering the appropriate encryption key(s), you must create the files that are to be encrypted.  If the files already exist, they must be Initialized or Scratched and then Created. If existing files are to be encrypted, the data must be exported before entering the encryption keys and then imported.
>
>		After entering a system Encryption Passphrase, exporting any existing files that are to be encrypted, and entering the appropriate encryption key(s), you must create any new files that are to be encrypted and, if encrypting any existing files, you must import them with the "Replace" option.
 
Changed:
<
<		So, the three steps required to enable encryption of APPXIO data files are:
>
>		So, the steps required to enable encryption of APPXIO data files are:
 
  1. Enter a system Encryption Passphrase
Changed:
<
<
  1. Enter the appropriate encryption keys
  2. Create/Initialize the files that are to be encrypted
>
>
  1. Export any existing files that are to be encrypted
  2. Enter the appropriate encryption keys for individual files and FMS groups as appropriate
  3. Create any new files and import any existing files that are to be encrypted

 

How to Set or Change the System Encryption Passphrase

The system Encryption Passphrase can be set or changed from the System Parameter maintenance screen:

Line: 33 to 38
  If no data files have actually been encrypted, the system Encryption Passphrase may be safely changed.  However, if any data files have been encrypted, you must follow the steps outlined below to change the system Encryption Passphrase.  If you do not follow these steps, any previously encrypted data files will no longer be accessible by the system.
Changed:
<
<		 
>
>		 
 
  1. Make sure that no users are accessing the system  Do not attempt to change the system Encryption Passphrase while other users are accessing the system.
  2. Export all of the encrypted APPXIO data files in all APPX databases.  The Export utility on the Database Management menu should be used to export the encrypted APPXIO data files.
Changed:
<
<
  1. Use the System Parameters maintenance process in System Administration to change the system Encryption Passphrase.  The Set/Change Passphrase screen includes a report that can be run to obtain a list of all FMS groups and files which have been encrypted.  Use this list to verify that you have exported all of the encrypted files.
  2. Change all of the encryption keys that have been entered for individual files and for FMS groups.
>
>
  1. Use the System Parameters maintenance process in System Administration to change the system Encryption Passphrase.  The Set/Change Passphrase screen includes a report that can be run to obtain a list of all FMS groups and files which have been encrypted.  Use this list to verify that you have exported all of the encrypted files.
  2. Change all of the encryption keys that have been entered for individual files and for FMS groups.
 
  1. Import all of the APPXIO data files that you exported in step 1.  Be sure to specify the "Replace" option for the data import.
Changed:
<
<

How to Enter an Encryption Key For a File

>
>

Enter/Edit File Encryption Keys

 
Changed:
<
<		The encryption key for a specific file is entered in Database Management.
>
>		The encryption key for a specific file can be set or changed in Database Management.
 
Database Management --> File Specifications --> File Attributes

The same encryption key value can be entered for each file or each file can have its own unique encryption key.  An easy way to ensure that each file has a unique encryption key is to use the Random Key button to automatically generate a random key for the file.  If you choose to enter an encryption key, you should choose "strong" key values just as you would for a password.  This means that your key should not be a common name or word, should include a mixture of letters, numbers, and special characters, and should be more than a few characters in length.

Changed:
<
<		FileEncryptionKey.PNG
>
>		FileEncryptionKey.PNG
 
Changed:
<
<		 

How to Enter an Encryption Key for a FMS group

>
>

Enter/Edit FMS Group Encryption Keys

  The encryption key for a FMS group is entered in System Administration.
System Administration --> Configuration --> File System Groups --> FMS Group Attributes
Line: 59 to 65
 FMSGroupEncryptionKey.PNG

How to Create A New Encrypted File

Changed:
<
<		The following steps must be followed to encrypt a new file.
>
>		The following steps should be followed to encrypt a new file.
  1. If APPXIO file encryption has not already been enabled on your system, first follow the steps for enabling APPXIO file encryption.
 
  1. Add the file to the data dictionary in your APPX Application.
Changed:
<
<
  1.  
>
>
  1. Enter the appropriate encryption key in the file specifications for the file that you wish to encrypt or assign the file to an FMS group that has an encryption key.
  2. Create the file. 
 

How to Encrypt an Existing File 

The following steps must be followed to encrypt an existing APPXIO file:

Changed:
<
<
  1. Export the APPXIO data file
  2. Assign an FMS group that has encryption specified to the

If the file already exists in an unencrypted state, you should first export the data.

To encrypt a file, you must first enter a passphrase in your system admin parameter record.

Then, you must enter encryption keys in the file specification for the file that you wish to encrypt or define an FMS group with encryption keys and assign the FMS group to the file that you wish to encrypt.

Then you can create the file or, if the file already exists, you can import the data that you previously exported.  If you import, be sure to specify the replace option so that the old file will be scratched and recreated as an encrypted file.

How to Disable APPXIO File Encryption

>
>
  1. If APPXIO file encryption has not already been enabled on your system, first follow the steps for enabling APPXIO file encryption.
  2. Export the file that is to be encrypted.  If the file has been created in more than one database, you must export each instance of the file that is to be encrypted.
  3. Enter the appropriate encryption key in the file specifications for the file that you wish to encrypt or assign the file to an FMS group that has an encryption key.
  4. Import the file.  Be sure to specify the "Replace" option when importing the file.

How to Decrypt an Encrypted File

 

Sharing of Encrypted Files

Encrypted files are secure.  If you copy them to another APPX system you will not be able to read them unless you use the same encryption keys that were used on the system that created the file and the same passphrase.

Recovery of Corrupted Encrypted Files

Changed:
<
<		Encrypted files which have become corrupted may be recovered by using the "recover" option of the APPX Utility engine.  The recovery process for encrypted files is the same as the recovery process for non-encrypted files.
appx -recover [ -c ] old_file new_file [ del_rec_file ]

For additional information on the use of the recover option, you can run:

>
>		Encrypted files which have become corrupted may be recovered by using the "recover" option of the APPX Utility engine.  The recovery process for encrypted files is the same as the recovery process for non-encrypted files.  For additional information on the use of the recover option, you can run:
 
appx -recover

Recovery of Undecipherable Encrypted Files

Line: 110 to 110
  -- AlKalter - 04 Apr 2008
Deleted:
<
<
 
META FILEATTACHMENT attachment="SystemParameters5.0.0.PNG" attr="h" comment="System Parameters Maintenance" date="1222092657" name="SystemParameters5.0.0.PNG" path="C:\Documents and Settings\steve\My Documents\My Pictures\SystemParameters5.0.0.PNG" size="34315" stream="C:\Documents and Settings\steve\My Documents\My Pictures\SystemParameters5.0.0.PNG" user="Main.SteveFrizzell" version="1"
META FILEATTACHMENT attachment="Set-ChangePassphrase5.0.0.PNG" attr="h" comment="Set/Change Encryption Passphrase" date="1222092704" name="Set-ChangePassphrase5.0.0.PNG" path="C:\Documents and Settings\steve\My Documents\My Pictures\Set-ChangePassphrase5.0.0.PNG" size="35688" stream="C:\Documents and Settings\steve\My Documents\My Pictures\Set-ChangePassphrase5.0.0.PNG" user="Main.SteveFrizzell" version="1"
META FILEATTACHMENT attachment="FileEncryptionKey.PNG" attr="h" comment="Enter or Generate Encryption Key for File" date="1222110751" name="FileEncryptionKey.PNG" path="C:\Documents and Settings\steve\My Documents\My Pictures\FileEncryptionKey.PNG" size="31424" stream="C:\Documents and Settings\steve\My Documents\My Pictures\FileEncryptionKey.PNG" user="Main.SteveFrizzell" version="1"

Revision 82008-09-22 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"
Added:
>
>
 

APPXIO Data Encryption

Changed:
<
<		Encryption of APPXIO data is now an available option at the System, Database, Application, and File levels.
>
>		Effective with Release 5.0.0, the APPX Utility includes an option to encrypt APPXIO data files.
 
Changed:
<
<

How to encrypt a file

>
>

Overview

Release 5.0.0 or higher of the APPX Utility allows APPXIO data files to be optionally encrypted.  Encrypting data files can provide an added layer of security for sensitive data.  If an encrypted file is opened by any program other than APPX, the encrypted data is unintelligible.  This means that backup copies of encrypted files on tape or disk are also secure since they cannot be deciphered without the appropriate software and encryption keys.  If an encrypted data file is moved to another APPX server, it cannot be deciphered unless the APPX server is configured with the appropriate encryption keys and meets other necessary criteria.

How to Enable APPXIO File Encryption

The APPXIO file encryption feature is easily enabled by entering a passphrase into the Encryption Passphrase field of the System Parameter Record in APPX System Administration.

Setting the system Encryption Passphrase enables the APPXIO file encryption feature but does not actually cause any files to be encrypted.  To enable encryption of individual files, you must also enter an encryption key into the file specifications for each of the individual files that are to be encrypted or you must enter an encryption key into the FMS group specifications for each group of files that are to be encrypted.

Finally, after entering a system Encryption Passphrase and entering the appropriate encryption key(s), you must create the files that are to be encrypted.  If the files already exist, they must be Initialized or Scratched and then Created. If existing files are to be encrypted, the data must be exported before entering the encryption keys and then imported.

So, the three steps required to enable encryption of APPXIO data files are:

  1. Enter a system Encryption Passphrase
  2. Enter the appropriate encryption keys
  3. Create/Initialize the files that are to be encrypted

How to Set or Change the System Encryption Passphrase

The system Encryption Passphrase can be set or changed from the System Parameter maintenance screen:

System Administration --> System Setup --> System Parameters

SystemParameters5.0.0.PNG

To set the system Encryption Passphrase, you must click on the "Change" button next to the Encryption Passphrase field.  You will then be presented with the following form which will allow you to set the system Encryption Passphrase.

Set-ChangePassphrase5.0.0.PNG

If no data files have actually been encrypted, the system Encryption Passphrase may be safely changed.  However, if any data files have been encrypted, you must follow the steps outlined below to change the system Encryption Passphrase.  If you do not follow these steps, any previously encrypted data files will no longer be accessible by the system.

 

  1. Make sure that no users are accessing the system  Do not attempt to change the system Encryption Passphrase while other users are accessing the system.
  2. Export all of the encrypted APPXIO data files in all APPX databases.  The Export utility on the Database Management menu should be used to export the encrypted APPXIO data files.
  3. Use the System Parameters maintenance process in System Administration to change the system Encryption Passphrase.  The Set/Change Passphrase screen includes a report that can be run to obtain a list of all FMS groups and files which have been encrypted.  Use this list to verify that you have exported all of the encrypted files.
  4. Change all of the encryption keys that have been entered for individual files and for FMS groups.
  5. Import all of the APPXIO data files that you exported in step 1.  Be sure to specify the "Replace" option for the data import.

How to Enter an Encryption Key For a File

The encryption key for a specific file is entered in Database Management.

Database Management --> File Specifications --> File Attributes

The same encryption key value can be entered for each file or each file can have its own unique encryption key.  An easy way to ensure that each file has a unique encryption key is to use the Random Key button to automatically generate a random key for the file.  If you choose to enter an encryption key, you should choose "strong" key values just as you would for a password.  This means that your key should not be a common name or word, should include a mixture of letters, numbers, and special characters, and should be more than a few characters in length.

FileEncryptionKey.PNG

 

How to Enter an Encryption Key for a FMS group

The encryption key for a FMS group is entered in System Administration.

System Administration --> Configuration --> File System Groups --> FMS Group Attributes

The same encryption key value can be entered for each FMS Group or each FMS Group can have its own unique encryption key.  An easy way to ensure that each FMS Group has a unique encryption key is to use the Random Key button to automatically generate a random key for the FMS Group.  If you choose to enter an encryption key, you should choose "strong" key values just as you would for a password.  This means that your key should not be a common name or word, should include a mixture of letters, numbers, and special characters, and should be more than a few characters in length.

FMSGroupEncryptionKey.PNG

How to Create A New Encrypted File

The following steps must be followed to encrypt a new file.

  1. Add the file to the data dictionary in your APPX Application.
  2.  

How to Encrypt an Existing File 

The following steps must be followed to encrypt an existing APPXIO file:

  1. Export the APPXIO data file
  2. Assign an FMS group that has encryption specified to the
  If the file already exists in an unencrypted state, you should first export the data.
Line: 13 to 75
 Then, you must enter encryption keys in the file specification for the file that you wish to encrypt or define an FMS group with encryption keys and assign the FMS group to the file that you wish to encrypt.

Then you can create the file or, if the file already exists, you can import the data that you previously exported.  If you import, be sure to specify the replace option so that the old file will be scratched and recreated as an encrypted file.

Changed:
<
<

Sharing Encrypted Files

>
>

How to Disable APPXIO File Encryption

Sharing of Encrypted Files

  Encrypted files are secure.  If you copy them to another APPX system you will not be able to read them unless you use the same encryption keys that were used on the system that created the file and the same passphrase.
Added:
>
>

Recovery of Corrupted Encrypted Files

Encrypted files which have become corrupted may be recovered by using the "recover" option of the APPX Utility engine.  The recovery process for encrypted files is the same as the recovery process for non-encrypted files.

appx -recover [ -c ] old_file new_file [ del_rec_file ]

For additional information on the use of the recover option, you can run:

appx -recover

Recovery of Undecipherable Encrypted Files

You should keep a record of the system Encryption Passphrase and the Encryption Keys that have been entered in a secure location that can be accessed in the event that you need to reenter the information.  Once entered, the Encryption Passphrase and the Encryption Keys should not be needed again unless you find yourself in a situation where your System Administration files have become corrupted or lost and you cannot restore them from a backup.  You might also need this information to set up an additional APPX server that needs to be able to access encrypted data files that were created on another APPX server.  You will not be able to access your encrypted data files unless you are able to reenter the exact System Passphrase and the exact Encryption Keys that were used to create and process the encrypted data files.

In the unlikely event that you to find yourself in the situation where your encrypted files cannot be accessed because you are unable to correctly enter the necessary System Passphrase and Encryption Keys, you should contact APPX Software, Inc. for assistance with recovering the encrypted data.

Limitations:

  1. One-record APPXIO files cannot be encrypted.
  2. Fixed length consecutive APPXIO files cannot be encrypted.  Variable length consecutive APPXIO files may be encrypted.
 

Issues:

  1. Need to verify that the encrypted passphase and the encrypted keys are being correctly stored in the file header.
  2. Default values can be corrupted in the encryption type field causing the engine to fail to encrypt the data.
Line: 30 to 109
 
<--/commentPlugin-->

-- AlKalter - 04 Apr 2008 \ No newline at end of file

Added:
>
>

META FILEATTACHMENT attachment="SystemParameters5.0.0.PNG" attr="h" comment="System Parameters Maintenance" date="1222092657" name="SystemParameters5.0.0.PNG" path="C:\Documents and Settings\steve\My Documents\My Pictures\SystemParameters5.0.0.PNG" size="34315" stream="C:\Documents and Settings\steve\My Documents\My Pictures\SystemParameters5.0.0.PNG" user="Main.SteveFrizzell" version="1"
META FILEATTACHMENT attachment="Set-ChangePassphrase5.0.0.PNG" attr="h" comment="Set/Change Encryption Passphrase" date="1222092704" name="Set-ChangePassphrase5.0.0.PNG" path="C:\Documents and Settings\steve\My Documents\My Pictures\Set-ChangePassphrase5.0.0.PNG" size="35688" stream="C:\Documents and Settings\steve\My Documents\My Pictures\Set-ChangePassphrase5.0.0.PNG" user="Main.SteveFrizzell" version="1"
META FILEATTACHMENT attachment="FileEncryptionKey.PNG" attr="h" comment="Enter or Generate Encryption Key for File" date="1222110751" name="FileEncryptionKey.PNG" path="C:\Documents and Settings\steve\My Documents\My Pictures\FileEncryptionKey.PNG" size="31424" stream="C:\Documents and Settings\steve\My Documents\My Pictures\FileEncryptionKey.PNG" user="Main.SteveFrizzell" version="1"
META FILEATTACHMENT attachment="FMSGroupEncryptionKey.PNG" attr="h" comment="Enter or Generate Encryption Key for FMS Group" date="1222113309" name="FMSGroupEncryptionKey.PNG" path="C:\Documents and Settings\steve\My Documents\My Pictures\FMSGroupEncryptionKey.PNG" size="32259" stream="C:\Documents and Settings\steve\My Documents\My Pictures\FMSGroupEncryptionKey.PNG" user="Main.SteveFrizzell" version="1"

Revision 72008-09-15 - SteveFrizzell

Line: 1 to 1
Changed:
<
<
META TOPICPARENT name="APPX43Features"
>
>
META TOPICPARENT name="APPX500Features"
 

APPXIO Data Encryption

Encryption of APPXIO data is now an available option at the System, Database, Application, and File levels.

Revision 62008-06-27 - JoeOrtagus

Line: 1 to 1
 
META TOPICPARENT name="APPX43Features"

APPXIO Data Encryption

Encryption of APPXIO data is now an available option at the System, Database, Application, and File levels.
Line: 19 to 19
 

Issues:

  1. Need to verify that the encrypted passphase and the encrypted keys are being correctly stored in the file header.
  2. Default values can be corrupted in the encryption type field causing the engine to fail to encrypt the data.
Deleted:
<
<
  1.  
 

Suggested Behavior:

  1. If data is encrypted, a warning should be presented to the user prior to generating a new encryption key, or changing the System Parameter Pass Phrase. This could help prevent unintended data loss.
  2. When importing data into an newly encrypted state, we should either delete the PORTDATA or warn the user that the PORTDATA is unencrypted.
  3. When exported from an encrypted state to an unencrypted state, we should warn the user that the exported data is unencrypted.
Added:
>
>
  1. System Parameter Passphrase contents should not be displayed. Use asterisk instead.
 

Comments:

Read what other users have said about this page or add your own comments.

Revision 52008-06-19 - JoeOrtagus

Line: 1 to 1
 
META TOPICPARENT name="APPX43Features"
Deleted:
<
<
 

APPXIO Data Encryption

Encryption of APPXIO data is now an available option at the System, Database, Application, and File levels.
Line: 21 to 20
 
  1. Need to verify that the encrypted passphase and the encrypted keys are being correctly stored in the file header.
  2. Default values can be corrupted in the encryption type field causing the engine to fail to encrypt the data.
  3.  
Added:
>
>

Suggested Behavior:

  1. If data is encrypted, a warning should be presented to the user prior to generating a new encryption key, or changing the System Parameter Pass Phrase. This could help prevent unintended data loss.
  2. When importing data into an newly encrypted state, we should either delete the PORTDATA or warn the user that the PORTDATA is unencrypted.
  3. When exported from an encrypted state to an unencrypted state, we should warn the user that the exported data is unencrypted.
 

Comments:

Read what other users have said about this page or add your own comments.

Revision 42008-06-19 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX43Features"
Added:
>
>
 

APPXIO Data Encryption

Encryption of APPXIO data is now an available option at the System, Database, Application, and File levels.
Line: 13 to 14
 Then, you must enter encryption keys in the file specification for the file that you wish to encrypt or define an FMS group with encryption keys and assign the FMS group to the file that you wish to encrypt.

Then you can create the file or, if the file already exists, you can import the data that you previously exported.  If you import, be sure to specify the replace option so that the old file will be scratched and recreated as an encrypted file.

Added:
>
>

Sharing Encrypted Files

Encrypted files are secure.  If you copy them to another APPX system you will not be able to read them unless you use the same encryption keys that were used on the system that created the file and the same passphrase.

 

Issues:

  1. Need to verify that the encrypted passphase and the encrypted keys are being correctly stored in the file header.
  2. Default values can be corrupted in the encryption type field causing the engine to fail to encrypt the data.
  3.  
Deleted:
<
<

Suggested Behavior:

  1. If data is encrypted, a warning should be presented to the user prior to generating a new encryption key, or changing the System Parameter Pass Phrase. This would prevent data loss.
  2. When importing data into an newly encrypted state, we should either delete the PORTDATA or warn the user that the PORTDATA is unencrypted.
  3. When exported from an encrypted state to an unencrypted state, we should warn the user that the exported data is unencrypted.
 

Comments:

Read what other users have said about this page or add your own comments.

Revision 32008-06-19 - JoeOrtagus

Line: 1 to 1
 
META TOPICPARENT name="APPX43Features"
Deleted:
<
<
 

APPXIO Data Encryption

Encryption of APPXIO data is now an available option at the System, Database, Application, and File levels.
Line: 18 to 17
 
  1. Need to verify that the encrypted passphase and the encrypted keys are being correctly stored in the file header.
  2. Default values can be corrupted in the encryption type field causing the engine to fail to encrypt the data.
  3.  
Added:
>
>

Suggested Behavior:

  1. If data is encrypted, a warning should be presented to the user prior to generating a new encryption key, or changing the System Parameter Pass Phrase. This would prevent data loss.
  2. When importing data into an newly encrypted state, we should either delete the PORTDATA or warn the user that the PORTDATA is unencrypted.
  3. When exported from an encrypted state to an unencrypted state, we should warn the user that the exported data is unencrypted.
 

Comments:

Read what other users have said about this page or add your own comments.

Revision 22008-06-19 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX43Features"

APPXIO Data Encryption

Encryption of APPXIO data is now an available option at the System, Database, Application, and File levels.
Added:
>
>

How to encrypt a file

If the file already exists in an unencrypted state, you should first export the data.

To encrypt a file, you must first enter a passphrase in your system admin parameter record.

Then, you must enter encryption keys in the file specification for the file that you wish to encrypt or define an FMS group with encryption keys and assign the FMS group to the file that you wish to encrypt.

Then you can create the file or, if the file already exists, you can import the data that you previously exported.  If you import, be sure to specify the replace option so that the old file will be scratched and recreated as an encrypted file.

Issues:

  1. Need to verify that the encrypted passphase and the encrypted keys are being correctly stored in the file header.
  2. Default values can be corrupted in the encryption type field causing the engine to fail to encrypt the data.
  3.  
 

Comments:

Read what other users have said about this page or add your own comments.

Revision 12008-04-04 - AlKalter

Line: 1 to 1
Added:
>
>
META TOPICPARENT name="APPX43Features"

APPXIO Data Encryption

Encryption of APPXIO data is now an available option at the System, Database, Application, and File levels.

Comments:

Read what other users have said about this page or add your own comments. 
<--/commentPlugin-->

-- AlKalter - 04 Apr 2008

View topic | History: r13 < r12 < r11 < r10 | More topic actions...
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback