By default, UltraLite databases are unencrypted on disk. Text and binary columns are plainly readable within the database when using a viewing tool such as a hex editor. If you need to encrypt data for greater security, consider the options listed below.
Obfuscation
This option provides protection against casual attempts to access data in the database. It does not provide as much security as strong encryption. Obfuscation has minimal performance impact. You set obfuscation with the obfuscate property. End users do not need to supply a corresponding connection parameter. You do not need any special configuration to use simple obfuscation on your device.
AES 128-bit strong encryption
UltraLite databases can be strongly encrypted using the AES 128-bit algorithm, which is the same algorithm used to encrypt SQL Anywhere databases. Use of strong encryption provides security against skilled and determined attempts to gain access to the data, but has a significant performance impact. You set encryption in the wizards by selecting the Encrypt Database option and then selecting AES Strong Encryption. Using a creation utility, you set the key with the key connection parameter. This same parameter is used by end users when connecting to the database after it has been created. You do not need any special configuration to use AES encryption on your device.
AES FIPS 140-2 compliant encryption
UltraLite provides encryption libraries compliant with the FIPS 140-2 US and Canadian government standard (using a Certicom certified cryptographic module). Only choose this option if you are a government agency that requires this strength of encryption. You set FIPS compliant encryption with the FIPS property. End users need to then supply the required key in the corresponding connection parameter. AES FIPS encryption requires that you configure your device appropriately. See Setting up an AES FIPS database encryption in UltraLite.
Tip
The MobiLink server's synchronization streams can use public/private keys to encrypt streamed data. For ease of deployment, you can embed these certificates in the UltraLite database when you create it. See Configuring MobiLink clients to use transport-layer security.
Notes
Both the FIPS and AES database encryption types use 128-bit AES. This means that if you use the same encryption key, the database is encrypted the same way irrespective of the standard you choose.
Caution
You can change the encryption key after the database has been created, but do so only with extreme caution. See:
This operation is costly and is non-recoverable: if your operation terminates mid-course, you will lose your database entirely. Additionally, if you lose or forget the encryption key for a strongly encrypted database, there is no way to access the data in it—even with the assistance of technical support. The database must be discarded and you must create a new database.
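The opening paragraph notes that text columns in an unencrypted database are readable with a hex editor. The following check automates that inspection for a pre-deployment audit; it is an added example, not part of the UltraLite documentation or tooling. It assumes you inserted a known canary string into a text column before copying the file off the device. The function names, the canary value, the 7.5 bits-per-byte threshold and the sample byte strings are all constructed for illustration, and nothing about the UltraLite file layout is assumed.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted data approaches 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def find_canary(data: bytes, canary: str) -> list:
    """Return (encoding, offset) for each encoding in which the canary is stored in clear."""
    hits = []
    for enc in ("utf-8", "utf-16-le", "utf-16-be"):
        offset = data.find(canary.encode(enc))
        if offset != -1:
            hits.append((enc, offset))
    return hits

def audit_db_bytes(data: bytes, canary: str, min_entropy: float = 7.5) -> dict:
    """Flag the file if the canary is visible or the bytes do not look random."""
    hits = find_canary(data, canary)
    entropy = shannon_entropy(data)
    return {"canary_hits": hits,
            "entropy": round(entropy, 3),
            "looks_plaintext": bool(hits) or entropy < min_entropy}

def audit_db_file(path: str, canary: str, min_entropy: float = 7.5) -> dict:
    """Run the same audit on a database file copied from the device."""
    with open(path, "rb") as fh:
        return audit_db_bytes(fh.read(), canary, min_entropy)

# Constructed sample data (not real UltraLite pages).
CANARY = "CANARY-7f3a-do-not-ship"
PLAIN_SAMPLE = b"\x00" * 512 + b"row:" + CANARY.encode("utf-8") + b"\x00" * 512
# Deterministic stand-in for ciphertext: 64 KiB of SHA-256 output.
CIPHER_LIKE_SAMPLE = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_SAMPLE), ("cipher-like", CIPHER_LIKE_SAMPLE)):
        print(name, audit_db_bytes(blob, CANARY))
```

A clean result shows only that the canary is not stored in clear and that the bytes look random; it cannot tell obfuscation from AES encryption, so confirm the creation settings as well.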