Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SQL Anywhere 10.0.1 » SQL Anywhere Server - Database Administration » Keeping Your Data Secure » Encrypting a database

Creating a strongly-encrypted database Next Page

Working with encryption keys

As with most passwords, it is best to choose a key value that cannot be easily guessed. It is recommended that you choose a value for your key that includes between 8 and 30 characters, a combination of upper and lowercase characters, and numbers, letters, and special characters.


Be sure to store a copy of your key in a safe location. You require the key each time you want to start or modify the database. A lost key will result in a completely inaccessible database, from which there is no recovery.

You can change the encryption key for an encrypted database, or for a database for which table encryption has been enabled, using the CREATE ENCRYPTED FILE statement. As with encrypting the database, you are not overwriting the existing file, you are creating a copy of the file, encrypted with the new key.

To change the encryption key for a database
  1. Change the encryption key for an encrypted database using the CREATE ENCRYPTED FILE statement.

    The following example takes the database file currentkey.db, encrypted with key abc, and creates a copy of it called newkey.db, encrypting it with the key abc123.

    FROM currentkey.db
    KEY abc123
    OLD KEY abc
  2. Using the same encryption key information, and following the file name convention you used for the database file, encrypt the associated transaction log file(s), dbspace file(s), and mirror log file (if any), using the CREATE ENCRYPTED FILE statement. See CREATE ENCRYPTED FILE statement.

  3. Choosing the encryption key
    Protecting the encryption key