
Change the encryption key value

You can set the KEY value that encrypts data on your system with the encryptionkey parameter in the sm.ini file. This field must be exactly 8 bytes in length. If you change the KEY value, then every field in every file must be checked and re-encrypted. Changing the KEY value results in a significant performance hit to the system while re-encryption takes place.

To change the encryption key value, perform the following steps:

  1. Shut down the Service Manager server.
  2. Restart Service Manager from the command line using the changeencrkey parameter. For example, sm -changeencrkey:XXXX where XXXX is the new 8-byte key.

    Starting Service Manager in this way decrypts all encrypted fields using the key defined in the sm.ini file and then re-encrypts those fields using the key specified in the command line parameter changeencrkey. The length of time the conversion takes depends on the size of the database and the number of encrypted tables. You need to update your sm.ini file to the new key immediately after performing this action.

Caution: Encrypting SQL data that is already mapped will increase the size of the data. Therefore, the existing SQL mapping and column definition may not provide enough space to store the whole encrypted value. Be sure to change the SQL data type to accommodate the new column size. If the encrypted value gets truncated, the value can no longer be decrypted.

Use this formula to calculate the new column length:

encrypted_length = (unencrypted_length + 12) * 2
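The following pre-change check is an added example, not part of the product documentation: it applies the formula above to a list of mapped columns and reports those whose declared size would truncate the encrypted value, and it confirms that a candidate key is exactly 8 bytes. The table names, column names, and sizes are constructed sample data; counting key bytes in UTF-8 and measuring lengths in the same unit as the column definition are assumptions.

```python
import re

KEY_BYTES = 8  # the key must be exactly 8 bytes in length


def key_is_valid(key: str, encoding: str = "utf-8") -> bool:
    """True when the key encodes to exactly 8 bytes (the encoding is an assumption)."""
    return len(key.encode(encoding)) == KEY_BYTES


def encrypted_length(unencrypted_length: int) -> int:
    """Column length formula from this page: (unencrypted_length + 12) * 2."""
    return (unencrypted_length + 12) * 2


# Matches types with a single explicit length, e.g. VARCHAR(40).
_SIZED_TYPE = re.compile(r"^\s*\w+\s*\(\s*(\d+)\s*\)\s*$")


def audit_columns(columns):
    """columns: iterable of (table, column, sql_type, max_unencrypted_length).
    Returns (table, column, required_length, problem) for every column that
    cannot be shown to hold the full encrypted value."""
    findings = []
    for table, column, sql_type, plain_len in columns:
        need = encrypted_length(plain_len)
        match = _SIZED_TYPE.match(sql_type)
        if match is None:
            # No parsable length: do not assume it is large enough.
            findings.append((table, column, need, "no explicit length, check manually"))
        elif int(match.group(1)) < need:
            short_by = need - int(match.group(1))
            findings.append((table, column, need, f"too small by {short_by}"))
    return findings


# Constructed sample mapping (hypothetical tables and columns).
SAMPLE_COLUMNS = [
    ("EXAMPLE_T1", "NATIONAL_ID", "VARCHAR(40)", 11),   # needs 46
    ("EXAMPLE_T1", "PIN", "VARCHAR(60)", 8),            # needs 40, fits
    ("EXAMPLE_T2", "NOTES", "TEXT", 200),               # no declared length
    ("EXAMPLE_T2", "EMAIL", "VARCHAR(140)", 64),        # needs 152
]

if __name__ == "__main__":
    for candidate in ("Ab3$kq9Z", "pässw0rd", "short"):
        print(candidate, "->", "ok" if key_is_valid(candidate) else "not 8 bytes")
    for finding in audit_columns(SAMPLE_COLUMNS):
        print(finding)
```

A key that is 8 characters long but contains a non-ASCII character fails the byte check, because it encodes to more than 8 bytes.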
