Updating encrypted data using MigrateEncryptedInfo (server offline)

You can change the merchant key and update the encrypted data using the command line tool, MigrateEncryptedInfo. This utility supports two ways of specifying the values of the merchant keys. One is to provide the actual values of the old and new merchant keys as command line arguments. The other is to retrieve the values through the Key Locator Framework.

Note:

If you want to consider an option with a minimal downtime, see Updating encrypted data using MigrateEncryptedInfo (server online).
You can now run the MigrateEncryptedInfo utility in a development environment as long as the server is offline.

Before you begin

Linux AIX Before running the MigrateEncryptedInfo.sh utility, ensure that the user ID that runs the utility (wasuser) has full permission to access files and subfolders in the WC_installdir/instances/ instance_name directory.

Before running the MigrateEncryptedInfo script for Oracle databases, you need to set the UNDO table space to a sufficiently large size by setting the datafile for the UNDO table space. From an SQLPlus prompt, enter the following command:

alter database datafile undotablespace datafile autoextend on
maxsize unlimited;

For example:

alter database datafile
    'C:\ORACLE\APP\ORACLE\ORADATA\ORCL\DATAFILE\O1_MF_UNDOTBS1_CFGDNYKG_.DBF'  autoextend on max size unlimited;

Procedure

Back up your database, following the instructions in your database engine documentation.
Log on using a Windows user ID with Administrator authority.
Switch to the WebSphere Application Server user ID (for example, wasuser):
```
su - WC_non_root_user
```
Stop the WC_instance_name application server in the WebSphere Application Server console. If it is running, use the WebSphere Application Server "stopServer" script to stop it.
For DB2 databases, open a DB2 command window. For Oracle databases, open a regular command window.
Switch to the WC_installdir\bin directory.
Run the MigrateEncryptedInfo utility
Ensure that you are aware of the following considerations when running the utility:
- If your merchant key is stored in the instance.xml file and you want to change the value in that file, complete the steps in Example 1.
- If your merchant key is stored in the instance.xml file and you want to change the value and store the value in an external file, complete the steps in Example 2.
- If your merchant key is stored in an external file and you want to change the value, complete the steps inExample 3.
- If your merchant key is stored in an external file and you want to change the value by -interactive parameter and store it to a different file, complete the steps in Example 4.
The MigrateEncryptedInfo tool generates the following log files:
- CCInfoMigration.log
- migrateFailedRecords_TABLENAME.log
- MKChangeUserAndCCInfoMigration.log
- MigrateEncryptedInfoError.log
in the following directory:
- WC_userdir/instances
- WC_installdir/logs
Review the information in these log files and ensure they do not contain any error messages. To re-encrypt multiple records in parallel, use more than one thread.