cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Hybris TAE on already existing un-encrypted data

Go to solution
Former Member

on ‎2018 Oct 19 2:53 PM

1,353

Hi all,

I have a question regarding the Hybris TAE (transparent attribute encryption): Is it possible to apply encryption an already existing un-encrypted plaintext data (via encrypted=true in items.xml) or is it necessary to manually encrypt the data as preprocessing according to TAE's standard before applying encrypted=true?

I wasn't able to find an answer to this (maybe because the answer is absolutely obvious?)

Thanks in advance for your answer.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

arvind-kumar_avinash
Active Contributor
‎2018 Oct 19 4:26 PM

The TAE mechanism encrypts attribute values on-the-fly when writing to the database and decrypts on-the-fly when reading from the database. Activating encryption for an attribute in items.xml will make sure that whenever any value for this attribute will be saved to the database, it will be encrypted but it will not encrypt the existing data of the attribute automatically. However, it is just a matter of one click to encrypt the existing data 🙂

Go to https://localhost:9002/maintain/keys (i.e. in hAC, Maintenance>Encryption Keys) > Migration and click the button, Migrate. That's it. All the existing data of this attribute (for which you just enabled encryption by declaring encrypted=true in the items.xml) will be encrypted.

I just tested it and it worked without any issue.

Note:

  1. Make sure to rebuild and update your application by selecting only Update running system and your-extension-name at https://localhost:9002/platform/update after you declare encrypted=true in the items.xml.

  2. Before you click the Migrate button, on the same page, you can find the number of instances of this Type. If there is/are any existing encrypted value(s), it/they will not be impacted.

Show replies
Show replies
x1111111111
Participant
‎2020 Apr 09 9:52 AM
0 Kudos

arvind-kumar-avinash does Migration will work with already encrypted attributes with some differenct encoding mechanism ?

Answers (2)

Answers (2)

Former Member
‎2018 Oct 22 11:12 AM
0 Kudos

Many thanks for the detailed answers! :)

Show replies
Show replies
arvind-kumar_avinash
Active Contributor
‎2018 Oct 22 11:32 AM
0 Kudos

You are most welcome.

geffchang
Active Contributor
‎2018 Oct 19 3:40 PM
0 Kudos

My assumption is that existing data will not be encrypted, and you will need to encrypt it manually, or wait for the the next opportunity to update the data.

Not related to TAE, but my experience with User passwords was like this. Originally, the password configuration was unencrypted. When we changed the password to be encrypted, only newly-created Users had encrypted passwords. The existing users still had unencrypted passwords. However, the old Users could change their passwords to be encrypted.

Show replies
Show replies
Ask a Question