The Encryption profile allows you to set an encryption algorithm for 128-bit encryption for selected tables in your RecTrac database. Encrypted database fields are as follows:
- CYStaffProvider.TaxID
- CYStaffProvider.SocialSecurityNumber
- EPayInfo.AccountNumber
- EPayInfo.RoutingNumber
- SASecurityfile.Password = encoded then encrypted
- SASecurity.PasswordList = encoded then encrypted (this is done by default as the password is added to the password list)
- SAPerson.SocialSecurityNumber
- SAStaff.SocialSecurityNumber
- SAStaff.TaxID
- SASystemCode.FTPPassword
- WebUserName.Password = encoded then encrypted
- WebUserName.PasswordList = encoded then encrypted (this is done by default as the password is added to the password list)
Here are the encrypted values stored in the SAProfile.ProfileDetails field:
- MerchantAccountPassword on WebXPress profile.
- MasterKey on ETS profile.
- MerchantPassword on CardConnect profile.
- PWCAPIPassword on Verifone profile.
- StoreKey on PStars profile.
- ERCustomerPassword on eRange profile.
Progress OpenEdge 11.7 supports 20 built-in standard encryption algorithms. These encryption algorithms are user selectable.
One (1) Encryption profile only is allowed per database tenant. You do NOT link an Encryption profile anywhere. The profile is created with the 3.1 Install and exists in Profile Management using Standard VSI Encryption. If you desire a higher encryption level, you can modify the profile.
Changes to the Encryption profile are incorporated into your database as a Scheduled Event that the system creates and runs automatically at 1:30am. The system provides the option to run a backup of your database prior to applying your changes. VSI recommends selecting the backup option.
See Also: Topic Doc - Encryption.
Making changes to a profile is an Audited Event. Additionally, Linking, Removing, Purging, and Cloning profiles are also Audited Events.
See Also: Topic Doc - RecTrac Profile Assignments Screen, Hierarchy Guide, and Profile Listing.
See Also: Video - Profile Review
SAProfile_Encryption_Encryption_Tab1
Use VSI Encryption (SAProfileDetails_UseVSIEncryption)
Selecting this option will provide the default hard-coded base 36 algorithm encryption. Refer to the Encryption documentation link at the top of this page for further information on encryption methods in RecTrac.
Deselect the Use VSI Encryption option if you want to use an encryption method other than the Vermont Systems standard encryption method. If you deselect this option, the Encryption Password, Encryption Algorithm, Encryption Hash Algorithm, and Encryption Rounds fields will become active.
DeleteEncryption Password (SAProfileDetails_EncryptionPassword)
Enter a password that will be used to make your encrypted data unique.
Passwords are masked in RecTrac. Passwords in RecTrac appear either as a series of pipes" or dots in password fields (i.e. | | | | | or •••••).There is no Permission that allows you to see an actual password. There is no Report in RecTrac that will display a password.
Additionally RecTrac user passwords and WebTrac user passwords are encrypted based on the configuration settings as maintained on your Encryption profile.
DeleteEncryption Algorithm (SAProfileDetails_EncryptionAlgorithm)
This field is applicable only if you opt NOT to Use VSI Encryption
Select the Encryption Algorithm you wish to use.
Encryption methods listed here are industry standard. Their functionality advantages and limitations can be easily researched online. Click here for one such example.
DeleteEncryption Hash Algorithm (SAProfileDetails_EncryptionHashAlgorithm)
This field is applicable only if you opt NOT to Use VSI Encryption
Select the Encryption Hash Algorithm you want to use.
- MDS - RSA Message Digest hash Algorithm
-
SHA-1 - Secure Hash Algorithm designed by the United States National Security Agency.
Note: SHA-1 has been deprecated. Most major browsers (Microsoft Google Apple and Mozilla) no longer accept SHA-1
- SHA-256 - Secure Hash Algorithm designed by the United States National Security Agency.
- SHA-512 - Secure Hash Algorithm designed by the United States National Security Agency.
Encryption methods listed here are industry standard. Their functionality advantages and limitations can be easily researched online. Click here for one such example.
DeleteEncryption Rounds (SAProfileDetails_EncryptionRounds)
This field is applicable only if you opt NOT to Use VSI Encryption
Enter a value equal to or greater than 1000 in this field.
Many ciphers are defined by specifying a round and then running that specification multiple times. For Example in AES a round consists of the operations SubBytes ShiftRows MixColumns and AddRoundKey. That is one round and to get AES you run that multiple times (plus some setup and some post-processing).
Thus a round is defined by each cipher and typically consists of a number of building blocks that are composed together to create a function that is run multiple times.
DeletePrevUseVSIEncryption (SAProfileDetails_PrevUseVSIEncryption)
This field is not visible on the profile.
DeletePrevEncryptionPassword (SAProfileDetails_PrevEncryptionPassword)
This field is not visible on the profile.
DeletePrevEncryptionAlgorithm (SAProfileDetails_PrevEncryptionAlgorithm)
This field is not visible on the profile.
DeletePrevEncryptionHashAlgorithm (SAProfileDetails_PrevEncryptionHashAlgorithm)
This field is not visible on the profile.
DeletePrevEncryptionRounds (SAProfileDetails_PrevEncryptionRounds)
This field is not visible on the profile.
DeletePrevEncryptionSalt (SAProfileDetails_PrevEncryptionSalt)
This field is not visible on the profile.
Delete