Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SQL Anywhere 12.0.1 » UltraLite - Database Management and Reference » UltraLite database creation


UltraLite database security

You have the option to encrypt or obfuscate your UltraLite databases. Encryption provides secure representation of the data in the database whereas obfuscation only prevents casual observation of the contents of the database.

By default, UltraLite databases are not encrypted or obfuscated. When using a viewing tool such as a hex editor, text and binary columns can be read. Consider the following options if you do not want your data stored as plain text:

  • Obfuscation   Also known as simple encryption, this option provides protection against casual attempts to access data in the database. It does not provide as much security as strong encryption. Obfuscation has a minimal performance impact. You enable obfuscation with the obfuscate creation parameter. End users do not need to supply a corresponding connection parameter. You do not need any special configuration to use simple obfuscation on your device. See UltraLite obfuscate creation parameter.

  • AES 256-bit encryption   UltraLite databases can be strongly encrypted using the AES 256-bit algorithm. Strong encryption provides security against skilled and determined attempts to gain access to the data, but has a significant performance impact. You set encryption in the Sybase Central wizards by clicking the Encrypt the Database option and then clicking Use Strong Encryption and AES. Using a command line utility, you set the encryption key with the DBKEY connection parameter. This parameter value is used by end users when connecting to the database. You do not need any special configuration to use AES encryption on your device. See UltraLite DBKEY connection parameter.

  • AES FIPS 140-2 certified encryption (Windows and Windows Mobile only)   UltraLite provides encryption libraries certified with the FIPS 140-2 US and Canadian government standard (using a Certicom certified cryptographic module). You set FIPS-certified encryption with the fips creation parameter. The user must supply the required key in their connection string. AES FIPS-certified encryption requires that you configure your device appropriately. See UltraLite fips creation parameter.


Both the FIPS-certified and AES database encryption types use 256-bit AES.

Consider the effects of database cache size when choosing to encrypt or obfuscate UltraLite databases. There is an increase in overhead of between 5-10% as a result, resulting in decreased performance. The exact effect on performance depends on the size of your cache. If your cache is too small, encryption can add significant overhead. However, if your cache is sufficiently large, you may not see any difference at all. For more information about cache sizes, see Adjusting the cache size for an UltraLite database.

 Obfuscating an UltraLite database
 Encrypting an UltraLite database
 Encrypting an UltraLite Java edition database
 See also