cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

How to change from simple to strong encrytion for old SQL Remote logs?

Go to solution
VolkerBarth
Contributor

on ‎2011 Apr 15 11:06 AM

3,686

When moving from ASA 8.0.3 to 12.0.1, I'm also moving from simple to strong encryption. That works fine for the database files (i.e. .db and .log) simply by unloading into a database created with DBINIT -ea -ek.

However, as I'm using SQL Remote and have a bunch of old v8 offline logs, I have to encrypt these old logs, too. And that's where I'm totally stuck:

  1. Trying to use CREATE ENCRYPTED FILE with v12 doesn't work: It tells me (with error -895) that the log has been created with a different software version and cannot be used with v12. - Alright, that's the pre-v10 old file format problem, I guess.
  2. Trying to use CREATE ENCRYPTED FILE with v8 doesn't work, either: It tells me that the file is already encrypted (which is partly true - it's obfuscated, aka simple encryption). And
  3. So I tried to decrypt the log files beforehand with CREATE DECRYPTED FILE with v8. But that doesn't seem to work, either, as there's no syntax to specify that only simple encryption is used.

So how can I change the old v8 logs from simple to strong encryption?

(Sidenote: That does not feel like simple encryption at all...)

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
VolkerBarth
Contributor
‎2011 Apr 15 11:14 AM
0 Kudos

Reg is here - that looks perfect...

VolkerBarth
Contributor
‎2011 Apr 15 12:16 PM
0 Kudos

Further testing shows that v12's CREATE ENCRYPTED FILE statement is able to encrypt simply encrypted files where v8's version seems not able to.

I'm trying with v9 now - hoping that can handle v8 log files...

VolkerBarth
Contributor
‎2011 Apr 15 12:37 PM
0 Kudos

No luck. SA 9.0.2.3951 (which is the latest EBF, AFAIK) can handle v8 log files but cannot encrypt simply encrypted files, either.

Accepted Solutions (1)

Accepted Solutions (1)

graeme_perrow
Advisor
Advisor
‎2011 Apr 15 12:58 PM

You might be out of luck. Version 8 and 9 cannot convert a simple-encrypted file into a strongly-encrypted file. V10 and up can do it, but as you said they can't read the v8 format. I have no idea why I added this limitation because it should certainly be possible. And because v8 and v9 are EOL, I can't just go back and fix it.

I'll think about it some more and see if I can figure out a solution.

Show replies
Show replies
VolkerBarth
Contributor
‎2011 Apr 15 1:11 PM
0 Kudos

Graeme, I'm just asking w.r.t. to old SQL Remote logs. I had asked a while ago in the newsgroups whether old logs must be encrypted with the same key as the current database, and I was told that this is necessary. So I concluded that I have to encrypt those old logs, too.

But I've just done a test where a v8 remote has incidentally lost an older message file, and the v12 cons (using strong encryption) has to resend contents from those old obfuscated v8 logs. And that seems to be possible without any problems.

Therefore I hope you won't have to investigate further in that respect - I'm gonna raise another SQL Remote question instead...

Answers (0)

Ask a Question