11.1 Encrypting Attributes

eDirectory 8.8 enables you to encrypt sensitive data stored on disk. Encrypted attributes are a server-specific feature: an encryption policy applies to the server it is assigned to, not to the whole tree.

You can access encrypted attributes only over secure channels unless you explicitly choose to provide access over clear text channels as well. Refer to Section 11.1.3, Accessing the Encrypted Attributes, for more information.

The encrypted attributes feature is supported only on eDirectory 8.8 and later servers.

11.1.1 Need for Encrypted Attributes

Prior to eDirectory 8.8, attribute data was stored in clear text on disk. There was a need to protect that data at rest and to provide access to it only over secure channels.

You can use this feature in scenarios where you need to protect confidential data such as credit card numbers of bank customers.

11.1.2 How to Encrypt Attributes

You encrypt attributes by creating and defining encrypted attributes policies and then applying those policies to individual servers. You can create, define, apply, and manage encrypted attributes policies through iManager or LDAP.

  1. Create and define an encrypted attribute policy:

    1. Determine the attributes for encryption.

    2. Determine the encryption scheme for the attributes.

  2. Apply the encrypted attributes policy to a server.
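The same two steps expressed as an LDIF file that could be fed to ldapmodify over the LDAP SSL port. This is an added example, not part of the eDirectory documentation. The object class and attribute names (encryptionPolicy, attrEncryptionDefinition, attrEncryptionRequiresSecure, encryptionPolicyDN), the scheme$attribute value syntax, and the scheme name aes are assumed from the eDirectory Administration Guide; the DNs, the server name srv1, and the custom attribute creditCardNumber (which would have to exist in the schema) are constructed for illustration.

```ldif
# Added example (not from the eDirectory documentation). Attribute and object
# class names are assumed from the Administration Guide; DNs, server name and
# the creditCardNumber attribute are constructed placeholders.

# Step 1: create the encrypted attributes policy object.
dn: cn=AE Policy - srv1,o=example
changetype: add
objectClass: encryptionPolicy

# Step 1.1 and 1.2: name each attribute to encrypt together with its scheme,
# one value per attribute in the form scheme$attributeName.
dn: cn=AE Policy - srv1,o=example
changetype: modify
replace: attrEncryptionDefinition
attrEncryptionDefinition: aes$creditCardNumber
attrEncryptionDefinition: aes$sn
-
# Keep secure-channel access required (TRUE). Setting this to FALSE is the
# clear text access choice described in Section 11.1.3.
replace: attrEncryptionRequiresSecure
attrEncryptionRequiresSecure: TRUE
-

# Step 2: apply the policy to the server object.
dn: cn=srv1,o=example
changetype: modify
replace: encryptionPolicyDN
encryptionPolicyDN: cn=AE Policy - srv1,o=example
-
```

After applying the file, a quick check is to search for the policy's attributes on a test entry twice: once over the LDAP SSL port, where the values should be returned, and once over the clear text port, where they should not be returned while attrEncryptionRequiresSecure is TRUE.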

11.1.3 Accessing the Encrypted Attributes

You can access the encrypted attributes only over secure channels such as the LDAP SSL port or the HTTP secure port. If you need to, you can choose to provide access to the encrypted attributes through clear text channels as well, using the iManager plug-in. For more information, refer to the NetIQ eDirectory 8.8 SP8 Administration Guide.