Change the Encryption Mode

This applies to: Visual Data Discovery

You can change the encryption mode used by Symphony (for example to change from AES to AES/CBC/PKCS5Padding encryption). The encryption mode you select is used to encrypt connection parameters, secure user attributes, and Trusted Access tokens.

We recommend that you change the encryption mode used by Symphony with the assistance of Symphony Technical Support.

If you are upgrading to a newer version of Symphony and you also want to change your encryption mode, perform the upgrade first and then complete the steps described here.

You must have system administration privileges to change the encryption mode.

You must have the full-strength Java Cryptography Extension (JCE) installed in your Java virtual machine (it's not there by default). You can download the JCE Unlimited Strength Jurisdiction Policy Files from Oracle at the following link: https://www.oracle.com/java/technologies/javase-jce8-downloads.html.

See also Encrypt Configuration Properties.

To change the encryption mode:

1. Start the Symphony microservice. This will populate the Symphony database using the original encryption (for example AES). See Start Symphony Microservices.

2. Stop the Symphony microservice. See Stop Symphony Microservices.

3. Back up the Symphony database. See Back Up the Metadata Store.

4. Modify the following encryption properties in the zoomdata.properties file: security.encryption.algorithm and security.encryption.key.algorithm. For example:

   security.encryption.algorithm=AES/CBC/PKCS5Padding
   security.encryption.key.algorithm=AES

   See zoomdata.properties Properties.

5. Start the Symphony microservice. Symphony will start using the new properties and the new encryption method. See Start Symphony Microservices.