Encrypting Data In eDirectory 241novdocx (en) 11 July 2008You can select different encryption schemes for different attributes in a single encrypted attributespolicy. For example, in an encrypted attributes policy EP1, you can select both AES as theencryption scheme for an attribute cubeno and Triple DES for an attribute empno. Refer to“Creating and Defining Encrypted Attributes Policies” on page 242 for more information.You can change the encryption scheme for an encrypted attribute by editing the encrypted attributespolicy. You can also unencrypt an attribute that you have encrypted earlier. Refer to “EditingEncrypted Attributes Policies” on page 242 for more information.You can choose to have different encryption schemes in different servers of the replica ring. Forexample, an attribute might be enabled for encryption using AES on Server1, Triple DES on Server2and no encryption scheme on Server3.10.1.2 Managing Encrypted Attributes PoliciesYou can manage encryption of the attributes by creating and defining policies and applying them toservers.You define an encrypted attributes policy by selecting the attributes for encryption and an encryptionscheme.Figure 10-2 Encrypting AttributesYou can manage encrypted attributes policies using iManager. This section provides the followinginformation: “Managing Encrypted Attributes Policies Through iManager” on page 242 “Managing Encrypted Attributes Policies Through LDAP” on page 243 “Copying the Encrypted Attributes Policies” on page 244 “Partition Operations” on page 244Create and defineencypted attributespolicySelectserver(s) toapply encryptedattributespolicyApplyencrypted attributespolicySelectattributes forencryptionSelectencryptionscheme