Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SQL Anywhere 10.0.1 » SQL Anywhere Server - Database Administration » Keeping Your Data Secure » Encrypting a database

Strong encryption Next Page

Creating a strongly-encrypted database


To create a new database with strong encryption, you can use:

To create a strongly encrypted database (SQL)
  1. Connect to an existing database from Interactive SQL.

  2. Execute a CREATE DATABASE statement that includes the ENCRYPTION clause and the KEY and ALGORITHM options.

    For example, the following statement creates a database file named myencrypteddb.db in the c:\ directory using FIPS-approved AES encryption.

    CREATE DATABASE 'c:\\myencrypteddb'
    TRANSACTION LOG ON
    ENCRYPTED ON
      KEY '0kZ2o52AK#'
      ALGORITHM 'AES_FIPS';
  3. To create a strongly encrypted database (command prompt)
    1. At a command prompt, use the dbinit utility to create a database. You must include -ek or -ep to specify the encryption key at the command prompt or a dialog box, respectively.

      The following command creates a strongly encrypted database and specifies the encryption key and algorithm.

      dbinit -ek "0kZ2o56AK#" -ea AES_FIPS "myencrypteddb.db"
    2. Start the database from the command prompt.

      dbeng10 myencrypteddb.db -ek "0kZ2o56AK#"
    3. For more information about the encryption key, see DatabaseKey connection parameter [DBKEY].

      If you have a database you want to encrypt, you can do so using the CREATE ENCRYPTED FILE statement. You are not actually overwriting the file, you are creating a copy of the file in encrypted form.

      Note

      You cannot encrypt a database if table encryption is enabled. Instead, you must recreate the database without table encryption.

      To encrypt a database after it has been created
      1. Encrypt an unencrypted database using the CREATE ENCRYPTED FILE statement.

        The following example takes the database file current.db, and creates an encrypted copy of it named encrypted.db.

        CREATE ENCRYPTED FILE encrypted.db
        FROM current.db
        KEY abc
        ALGORITHM AES;
      2. Using the same encryption key information, and following the file name convention you used for the database file, encrypt the associated transaction log file(s), dbspace file(s), and mirror log file (if any), using the CREATE ENCRYPTED FILE statement. See CREATE ENCRYPTED FILE statement.

      3. Note

        Although you can use the CREATE ENCRYPTED FILE statement to encrypt an unencrypted database, you cannot use the statement to enable only table encryption for a database that does not have encryption enabled. To enable encryption on a database, you must recreate the database and enable table encryption. See Enabling table encryption.

        You can decrypt a database using the CREATE DECRYPTED FILE statement. As with the CREATE ENCRYPTED FILE statement, you are creating a copy of the file (in this case, in decrypted form), and not actually overwriting the file. You must remember to decrypt not only the database file, but also the associated transaction log files, and dbspace(s). See CREATE DECRYPTED FILE statement.