Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SQL Anywhere 11.0.1 » SQL Anywhere Server - Database Administration » Security » Transport-layer security » Introduction to transport-layer security


FIPS-approved encryption technology

You can use FIPS-certified security algorithms to encrypt your database files, or to encrypt communications for database client/server communication, web services, and MobiLink client/server communication.

Federal Information Processing Standard (FIPS) 140-2 specifies requirements for security algorithms. FIPS 140-2 is granted by the American and Canadian governments through the National Institute of Standards and Testing (NIST) and the Canadian Communications Security Establishment (CSE).

SQL Anywhere uses two FIPS-certified modules for encryption, both from Certicom. On Palm OS, SQL Anywhere uses Certicom Security Builder GSE v1.0.1. This is number 316 on the page [external link] On Windows (desktop and Windows Mobile) and Unix platforms, SQL Anywhere uses Certicom Security Builder GSE (FIPS Module v2.0). This is number 542 on the same page.

Enforcing FIPS

Optionally, you can enforce the use of FIPS with a FIPS option. When you set the FIPS option to on, all secure communications must be over FIPS-approved channels. If someone tries to use non-FIPS RSA, it is automatically upgraded to FIPS RSA. If ECC is selected, an error is reported (ECC does not support FIPS). You must set the FIPS option for each computer on which you want FIPS to be enforced. SQL Anywhere and MobiLink servers have a -fips command line option, and clients have a fips option that can be set with the encryption parameter.

For information about encrypting SQL Anywhere database files with FIPS technology, see Strong encryption.