Skip to main content

Welcome to the Cyara Knowledge Center

Search

Encrypting/Decrypting the Database

Updated: tech writers Edited:

The Cyara encryption tool (Cyara.Database.Utils.Encryption.Tool.exe file) is used to enable the encryption of potentially sensitive database fields when the value is set. This tool is also used to enable decryption of the data when the database fields are retrieved.

When you install the Cyara Database Utilities installer, the encryption utility tool is also installed. Refer to the Deployment Guide for installation steps. After you install the tool, certain configuration changes need to be made to encrypt or decrypt the database.

The Cyara.Database.Utils.Encryption.Tool.exe file can run using options/parameters from its configuration file.

Encrypting the Database

To encrypt the database, perform the following:

  1. Shut down the Services
  2. Edit the Cyara encryption tool configuration file
  3. Run the Cyara encryption tool
Shut Down the Services

Before encrypting the database, you must shut down the Cyara Web Portal, Voice Scheduler, and Omni Scheduler. It is critical that the Cyara Web Portal, Voice Scheduler, and Omni Scheduler remain offline until the encryption process is complete.

Edit the Cyara Encryption Tool Configuration File

Before editing the configuration file of the tool, you need to obtain the values for the Certificate Name and Thumbprint fields.

Refer to the Obtaining the Certificate Name and Thumbprint Values section to obtain the Certificate Name and Thumbprint field values.

  1. In the Cyara.Database.Utils.Encryption.Tool.exe.config file, update the keys in the <EncryptionSettings.UniqueCertificateName> section with the values for those keys with the customer-specific details. 
    <!-- Database encryption settings. These settings are ignored unless database encryption is licensed. -->
<!-- EncryptionSettings.UniqueCertificateName - Distinguished name for the X.509 Certificate used with Database Encryption (e.g. "CN = CyaraPlatformEncryptionExample"). No default. -->
<add key="EncryptionSettings.UniqueCertificateName" value="CN = CyaraPlatformEncryptionExample" />

<!-- EncryptionSettings.CertificateThumbprint - Certificate thumbprint to use for encrypting (used with X.509). (e.g. "6f 54 7c 48 87 bb 8f 8c 71 3f fb 50 f9 9b 5c 4c 8f dd 85 3f"). No default. -->
<add key="EncryptionSettings.CertificateThumbprint" value="‎6f 54 7c 48 87 bb 8f 8c 71 3f fb 50 f9 9b 5c 4c 8f dd 85 3f" />

<!-- EncryptionSettings.MachineCertificate - Whether to use the Local Computer key container (as opposed to the Current User key container). True will select the Local Computer key container. Defaults to True. -->
<add key="EncryptionSettings.MachineCertificate" value="True" />

<!-- EncryptionSettings.Cipher - The Cipher to use. Valid values are: None, X509, UTF8, AESplusX509. Defaults to None. -->
<add key="EncryptionSettings.Cipher" value="AESplusX509" />

  2. Update the <connectionStrings> section with the connection details for the Microsoft SQL Server database if the details entered during setup were incorrect or have changed. 

    <connectionStrings>
    <add name="DefaultContext" connectionString="DATA SOURCE= db_host_ip;INITIAL CATALOG= 
    cyaradb;USER ID=cyaraportal;PASSWORD=password;PERSIST SECURITY INFO=True" providerName=
    "System.Data.SqlClient"/>
</connectionStrings>
  3. Save the Cyara.Database.Utils.Encryption.Tool.exe.config file with these changes.

Run the Cyara Encryption Tool

To encrypt the database, use the following command line syntax:

Cyara.Database.Utils.Encryption.Tool.exe -e

or

Cyara.Database.Utils.Encryption.Tool.exe --encrypt

Decrypting the Database

To decrypt the database, perform the following:
  1. Shut down the Services
  2. Verify the encryption configuration settings
  3. Run the Cyara encryption tool
  4. Remove the encryption configuration settings
Shut Down the Services

Before decrypting the database, you must shut down the Cyara Web Portal, Voice Scheduler, and Omni Scheduler. It is critical that the Cyara Web Portal, Voice Scheduler, and Omni Scheduler remain offline until the decryption process is complete.

Verify Encryption Configuration Settings

Before decrypting, the most important thing is that the configuration settings must match those used to encrypt (or partially encrypt) the database. If the database is fully encrypted, the encryption configuration settings must match with the Cyara Web Portal, Voice Scheduler, and Omni Scheduler configuration files.

  1. Verify and ensure that the encryption configuration settings of the Cyara.Database.Utils.Encryption.Tool.exe.config file match with the web.config file.
  2. Verify and ensure that the encryption configuration settings of the Cyara.Database.Utils.Encryption.Tool.exe.config file match with the Cyara.Voice.Scheduler.exe.config file.
  3. Verify and ensure that the encryption configuration settings of the Cyara.Database.Utils.Encryption.Tool.exe.config file match with the Cyara.Scheduler.Host.exe.config file.
Run the Cyara Encryption Tool

To decrypt the database, use the following command line syntax:

Cyara.Database.Utils.Encryption.Tool.exe -d

or

Cyara.Database.Utils.Encryption.Tool.exe --decrypt

Remove the Encryption Configuration Settings

Remove the encryption settings from the Cyara Web Portal, Voice Scheduler, and Omni Scheduler.

Cyara Web Portal
  1. In the web.config file, remove the values of the <EncryptionSettings.UniqueCertificateName> section and update the keys as: 
    <!-- EncryptionSettings.UniqueCertificateName - Distinguished name for the X.509 Certificate used with Database Encryption (e.g. "CN = CyaraPlatformEncryptionExample"). No default. -->
<add key="EncryptionSettings.UniqueCertificateName" value="" />

<!-- EncryptionSettings.CertificateThumbprint - Certificate thumbprint to use for encrypting (used with X.509). (e.g. "6f 54 7c 48 87 bb 8f 8c 71 3f fb 50 f9 9b 5c 4c 8f dd 85 3f"). No default. -->
<add key="EncryptionSettings.CertificateThumbprint" value="‎" />

<!-- EncryptionSettings.MachineCertificate - Whether to use the Local Computer key container (as opposed to the Current User key container). True will select the Local Computer key container. Defaults to True. -->
<add key="EncryptionSettings.MachineCertificate" value="True" />

<!-- EncryptionSettings.Cipher - The Cipher to use. Valid values are: None, X509, UTF8, AESplusX509. Defaults to None. -->
<add key="EncryptionSettings.Cipher" value="None" />
  2. Save the web.config file with these changes.
Voice Scheduler
  1. In the Cyara.Voice.Scheduler.exe.config file, remove the values of the <EncryptionSettings.UniqueCertificateName> section and update the keys as: 
    <!-- EncryptionSettings.UniqueCertificateName - Distinguished name for the X.509 Certificate used with Database Encryption (e.g. "CN = CyaraPlatformEncryptionExample"). No default. -->
<add key="EncryptionSettings.UniqueCertificateName" value="" />

<!-- EncryptionSettings.CertificateThumbprint - Certificate thumbprint to use for encrypting (used with X.509). (e.g. "6f 54 7c 48 87 bb 8f 8c 71 3f fb 50 f9 9b 5c 4c 8f dd 85 3f"). No default. -->
<add key="EncryptionSettings.CertificateThumbprint" value="‎" />

<!-- EncryptionSettings.MachineCertificate - Whether to use the Local Computer key container (as opposed to the Current User key container). True will select the Local Computer key container. Defaults to True. -->
<add key="EncryptionSettings.MachineCertificate" value="True" />

<!-- EncryptionSettings.Cipher - The Cipher to use. Valid values are: None, X509, UTF8, AESplusX509. Defaults to None. -->
<add key="EncryptionSettings.Cipher" value="None" />
  2. Save the Cyara.Voice.Scheduler.exe.config file.
Omni Scheduler
  1. In the Cyara.Scheduler.Host.exe.config file, remove the values of the <EncryptionSettings.UniqueCertificateName> section and update the keys as: 
    <!-- EncryptionSettings.UniqueCertificateName - Distinguished name for the X.509 Certificate used with Database Encryption (e.g. "CN = CyaraPlatformEncryptionExample"). No default. -->
<add key="EncryptionSettings.UniqueCertificateName" value="" />

<!-- EncryptionSettings.CertificateThumbprint - Certificate thumbprint to use for encrypting (used with X.509). (e.g. "6f 54 7c 48 87 bb 8f 8c 71 3f fb 50 f9 9b 5c 4c 8f dd 85 3f"). No default. -->
<add key="EncryptionSettings.CertificateThumbprint" value="‎" />

<!-- EncryptionSettings.MachineCertificate - Whether to use the Local Computer key container (as opposed to the Current User key container). True will select the Local Computer key container. Defaults to True. -->
<add key="EncryptionSettings.MachineCertificate" value="True" />

<!-- EncryptionSettings.Cipher - The Cipher to use. Valid values are: None, X509, UTF8, AESplusX509. Defaults to None. -->
<add key="EncryptionSettings.Cipher" value="None" />
  2. Save the Cyara.Scheduler.Host.exe.config file.
Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.