Question
Pegasystems Inc.
US
Last activity: 29 Dec 2015 15:48 EST
Testing Encryption
My customer wants to encrypt a bunch of fields (and not the whole blob). We found a lot of help on mesh which we followed -> https://mesh.pega.com/docs/DOC-91563
and How to encrypt at filed level?
We got stuck on the "Compile and Load" step for which we opened a SR and GCS engineer Ankur Das was able to help us out!
Now, we are wondering about a couple of things -
- How to test it whether a field is really encrypted? 'Cause I'm guessing the field will be unenrypted when it shows up on the clipboard? I can probably expose the field and see the value in the DB if it is encrypted but we don't want to expose this column.
- The bigger question is - this application is already in production and these fields are in clear text for existing cases in production. How do we go back and encrypt these fields in existing cases in production?
- At first I thought - write an activity which would simply do obj-open and commit. But I'm thinking the obj-open step might break since the same field (i.e. SSN) was of type Text and now it is TextEncrypted. So, it might throw a run time error.
Has anyone done this before?
My customer wants to encrypt a bunch of fields (and not the whole blob). We found a lot of help on mesh which we followed -> https://mesh.pega.com/docs/DOC-91563
and How to encrypt at filed level?
We got stuck on the "Compile and Load" step for which we opened a SR and GCS engineer Ankur Das was able to help us out!
Now, we are wondering about a couple of things -
- How to test it whether a field is really encrypted? 'Cause I'm guessing the field will be unenrypted when it shows up on the clipboard? I can probably expose the field and see the value in the DB if it is encrypted but we don't want to expose this column.
- The bigger question is - this application is already in production and these fields are in clear text for existing cases in production. How do we go back and encrypt these fields in existing cases in production?
- At first I thought - write an activity which would simply do obj-open and commit. But I'm thinking the obj-open step might break since the same field (i.e. SSN) was of type Text and now it is TextEncrypted. So, it might throw a run time error.
Has anyone done this before?
Accepted Solution
Pegasystems Inc.
US
We have found answers to our questions -
1. The clipboard does show the encrypted value. Thus, we can test the encryption using clipboard (To display the value on the UI, we need to use the following control - ShowTextEncryptedPropertyValue)
2. We can't change the datatype of an existing Property. So, we are forced to create a new property of type TextEncrypted and copy the values from the old property to the new property. For fixing historic WOs, we will blank out the values in the old property.
Pegasystems Inc.
US
I might have found my own answers to the second question - I can't change the datatype of an existing Property. So, I'm forced to create a new property of type TextEncrypted and copy the values from the old property to the new property. For fixing historic WOs, I'll blank out the values in the old property.
Accepted Solution
Pegasystems Inc.
US
We have found answers to our questions -
1. The clipboard does show the encrypted value. Thus, we can test the encryption using clipboard (To display the value on the UI, we need to use the following control - ShowTextEncryptedPropertyValue)
2. We can't change the datatype of an existing Property. So, we are forced to create a new property of type TextEncrypted and copy the values from the old property to the new property. For fixing historic WOs, we will blank out the values in the old property.