Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SQL Anywhere 10.0.1 » SQL Anywhere Server - Database Administration » The Database Server » The SQL Anywhere database server » Database server options

-fc server option Next Page

-fips server option

Requires that only FIPS-approved algorithms should be used for strong database and communication encryption.


{ dbsrv10 | dbeng10 } -fips ...


Specifying this option forces all server encryption to use FIPS-approved algorithms. This option applies to strong database encryption, client/server transport-layer security, and web services transport-layer security. You can still use unencrypted connections and databases when the -fips option is specified, but you cannot use simple encryption.

Separately licensed component required

ECC encryption and FIPS-certified encryption require a separate license. All strong encryption technologies are subject to export regulations.

See Separately licensed components.

For strong database encryption, the -fips option causes new databases to use the AES_FIPS type, even if AES is specified in the ALGORITHM clause of the CREATE DATABASE statement. When the database server is started with -fips, you can run databases encrypted with AES or AES_FIPS strong encryption, but not databases encrypted with simple encryption. Unencrypted databases can also be started on the server when -fips is specified.

The SQL Anywhere security option must be installed on any computer used to run a database encrypted with AES_FIPS.

For SQL Anywhere transport-layer security, the -fips option causes the server to use the FIPS-approved RSA encryption cipher, even if RSA is specified. If ECC is specified, an error occurs because a FIPS-approved elliptic-curve algorithm is not available.

For transport-layer security for web services, the -fips option causes the server to use HTTPS FIPS, even if HTTPS is specified.

When you specify -fips, the ENCRYPT and HASH functions use the FIPS-approved RSA encryption cipher, and password hashing uses the SHA-256 FIPS algorithm rather than the SHA-256 algorithm.

See also