Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SQL Anywhere 12.0.0 » SQL Anywhere Server - Database Administration » Security » Keeping your data secure » Encrypting and decrypting a database

 

Creating an encrypted database

To create an encrypted database, you can use the following:

  • The Initialization utility (dbinit) in combination with various options to enable strong encryption.

    The dbinit utility -ep and -ek options create a database with strong encryption, allowing you to specify the encryption key in a prompt box or on the command line. The dbinit -ea option sets the encryption algorithm to AES or AES256 (or to AES_FIPS or AES256_FIPS for the FIPS-approved algorithm). See Initialization utility (dbinit).

  • The Sybase Central Create Database Wizard to create a strongly encrypted database. See Create a database (Sybase Central).

  • The Unload Database utility (dbunload) with options to create a new database with strong encryption. The -an option creates a new database. To specify strong encryption and the encryption key in a prompt box or on the command line use the -ep or -ek option. The -ea option sets the encryption algorithm to AES or AES256 (or to AES_FIPS or AES256_FIPS for the FIPS-approved algorithm). See Unload utility (dbunload).

  • You can also use the Sybase Central Unload Database Wizard to create a strongly encrypted database. See Export data with the Unload Database Wizard.

  • The following SQL statements:

 To create an encrypted database (SQL)
  1. Connect to an existing database from Interactive SQL.

  2. Execute a CREATE DATABASE statement that includes the ENCRYPTION clause and the KEY and ALGORITHM options.

    For example, the following statement creates a database file named myencrypteddb.db in the c:\ directory using FIPS-approved 128-bit AES encryption.

    CREATE DATABASE 'c:\\myencrypteddb.db'
    TRANSACTION LOG ON
    ENCRYPTED ON
      KEY '0kZ2o52AK#'
      ALGORITHM 'AES_FIPS';
 To create an encrypted database (command line)
  1. Use the dbinit utility to create a database. You must include -ek or -ep to specify the encryption key at the command prompt or a window, respectively.

    The following command creates a strongly encrypted database and specifies the encryption key and algorithm.

    dbinit -ek "0kZ2o56AK#" -ea AES_FIPS "myencrypteddb.db"
  2. Run the following command to start the database:

    dbeng12 myencrypteddb.db -ek "0kZ2o56AK#"
 To create an encrypted database using an existing database (SQL)
  1. Connect to an existing database (other than the one you are copying) from Interactive SQL.

  2. Encrypt the database using the CREATE ENCRYPTED DATABASE statement.

    The following statement takes the database file demo.db, and creates an AES-encrypted copy of it named encryptedDemo.db.

    CREATE ENCRYPTED DATABASE 'encryptedDemo.db'
    FROM 'demo.db'
    KEY 'abc'
    ALGORITHM 'AES';

    When you execute a CREATE ENCRYPTED DATABASE statement, you are not actually encrypting (overwriting) the file; you are creating a copy of the file in encrypted form. If there are transaction logs, transaction log mirrors, or dbspaces associated with the database, encrypted copies of those files are made as well. See CREATE ENCRYPTED DATABASE statement.

 Encrypting a database for technical support
 Comparison of CREATE ENCRYPTED DATABASE and CREATE ENCRYPTED FILE statements
 See also