Encryption occurs when Pega 7 saves an instance of the class; decryption occurs when Pega 7 retrieves and opens an instance. This feature is unrelated to any encryption of the database provided through database software or software provided by others.
You can optionally enable configuration of the Storage Stream or BLOB (pzPVStream) column for rows of the PegaRULES database corresponding to specific classes.
Note: Implementation of a site-specific encryption algorithm requires Java skills and familiarity with Java Cryptography Extension (JCE) technology. This topic provides an overview for planning purposes. Needed scripts and more detailed instructions are available on request from Global Customer Support.
Pega 7 does not include encryption software. The sample Java class PRCipherSampleBF exposes the Blowfish algorithm as implemented by the SunJCE Java Cryptography Extension provider (in your system's JDK). The sample is provided only to demonstrate the capability and assist in development. To ensure the security and uniqueness of your encryption implementation, do not implement this sample.
PRCipherGenerator
to create a class skeleton. prconfig.xml
file (on each node) so that the sitecipher class entry matches your new class: <env name="crypto/sitecipherclass" value="YYYY.ZZZZ.QQQQ" />
where YYYY.ZZZZ is the name of your package and QQQQ is the name of your class, using the same values as above in the step 1.5 Complete the skeleton class...
prconfig.xml
setting take effect, stop and restart (or redeploy) the system.
Note: As an alternative to the prconfig.xml file, you can use Dynamic System Settings to configure your application.
See How to create or update a prconfig setting.
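Because the crypto/sitecipherclass entry has to be present in prconfig.xml on each node, a consistency check across nodes is useful before restarting. The following is an added example, not part of the Pega documentation or product: it compares the entry in each node's prconfig.xml against the expected class name. The `<pegarules>` wrapper, the node names, the `example/other` setting and the class names `com.example.crypto.*` are constructed sample values.

```python
import xml.etree.ElementTree as ET

SETTING = "crypto/sitecipherclass"

def cipher_entries(prconfig_xml):
    """Return every value configured for crypto/sitecipherclass in one file."""
    root = ET.fromstring(prconfig_xml)
    return [e.get("value", "") for e in root.iter("env")
            if e.get("name") == SETTING]

def audit_nodes(configs, expected):
    """Map node name -> 'ok', 'missing', 'duplicate' or 'mismatch: <value>'."""
    report = {}
    for node, text in sorted(configs.items()):
        values = cipher_entries(text)
        if not values:
            # May be legitimate if the node is configured through
            # Dynamic System Settings instead of prconfig.xml.
            report[node] = "missing"
        elif len(values) > 1:
            report[node] = "duplicate"
        elif values[0] != expected:
            report[node] = "mismatch: " + values[0]
        else:
            report[node] = "ok"
    return report

# Constructed sample input: prconfig.xml content collected from three nodes.
EXPECTED = "com.example.crypto.SiteCipher"   # hypothetical package and class
SAMPLE_CONFIGS = {
    "node-a": '<pegarules>'
              '<env name="crypto/sitecipherclass" '
              'value="com.example.crypto.SiteCipher" />'
              '</pegarules>',
    "node-b": '<pegarules>'
              '<env name="crypto/sitecipherclass" '
              'value="com.example.crypto.OldCipher" />'
              '</pegarules>',
    "node-c": '<pegarules>'
              '<env name="example/other" value="x" />'
              '</pegarules>',
}

if __name__ == "__main__":
    for node, status in audit_nodes(SAMPLE_CONFIGS, EXPECTED).items():
        print(node, status)
```
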
If a ZIP archive contains instances of classes with encrypted Storage Stream values, the ZIP archive can only be imported to another system that uses the identical site-specific cipher.
CPU processing for encryption and decryption can affect overall system performance, depending on data volumes and algorithms. To help you assess the impact, six Decimal properties on the Full Details display of the Performance tool record times and counts. (Elapsed time and CPU times are components of other statistics that measure database times. CPU statistics are available only for Windows platforms. All times are in seconds.)
Encryption of the Storage Stream column for one class does not affect the Storage Stream of other classes, even those that occupy the same table in the PegaRULES database.