When moving from ASA 8.0.3 to 12.0.1, I'm also moving from simple to strong encryption. That works fine for the database files (i.e. .db and .log) simply by unloading into a database created with DBINIT -ea -ek.

However, as I'm using SQL Remote and have a bunch of old v8 offline logs, I have to encrypt these old logs, too. And that's where I'm totally stuck:

  1. Trying to use CREATE ENCRYPTED FILE with v12 doesn't work: It tells me (with error -895) that the log has been created with a different software version and cannot be used with v12. - Alright, that's the pre-v10 old file format problem, I guess.
  2. Trying to use CREATE ENCRYPTED FILE with v8 doesn't work, either: It tells me that the file is already encrypted (which is partly true - it's obfuscated, aka simple encryption). And
  3. So I tried to decrypt the log files beforehand with CREATE DECRYPTED FILE with v8. But that doesn't seem to work, either, as there's no syntax to specify that only simple encryption is used.

So how can I change the old v8 logs from simple to strong encryption?

(Sidenote: That does not feel like simple encryption at all...)

asked 15 Apr '11, 10:06

Volker%20Barth's gravatar image

Volker Barth
29.6k294444650
accept rate: 32%

Reg is here - that looks perfect...

(15 Apr '11, 10:14) Volker Barth
Replies hidden

Further testing shows that v12's CREATE ENCRYPTED FILE statement is able to encrypt simply encrypted files where v8's version seems not able to.

I'm trying with v9 now - hoping that can handle v8 log files...

(15 Apr '11, 11:16) Volker Barth

No luck. SA 9.0.2.3951 (which is the latest EBF, AFAIK) can handle v8 log files but cannot encrypt simply encrypted files, either.

(15 Apr '11, 11:37) Volker Barth

You might be out of luck. Version 8 and 9 cannot convert a simple-encrypted file into a strongly-encrypted file. V10 and up can do it, but as you said they can't read the v8 format. I have no idea why I added this limitation because it should certainly be possible. And because v8 and v9 are EOL, I can't just go back and fix it.

I'll think about it some more and see if I can figure out a solution.

permanent link

answered 15 Apr '11, 11:58

Graeme%20Perrow's gravatar image

Graeme Perrow
8.5k371108
accept rate: 51%

Graeme, I'm just asking w.r.t. to old SQL Remote logs. I had asked a while ago in the newsgroups whether old logs must be encrypted with the same key as the current database, and I was told that this is necessary. So I concluded that I have to encrypt those old logs, too.

But I've just done a test where a v8 remote has incidentally lost an older message file, and the v12 cons (using strong encryption) has to resend contents from those old obfuscated v8 logs. And that seems to be possible without any problems.

Therefore I hope you won't have to investigate further in that respect - I'm gonna raise another SQL Remote question instead...

(15 Apr '11, 12:11) Volker Barth
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×406
×40
×32
×31
×31

question asked: 15 Apr '11, 10:06

question was seen: 1,460 times

last updated: 15 Apr '11, 13:06