Creates an encrypted copy of an existing database, including all transaction logs and dbspaces. You can also use this statement to create a copy of a database and enable table encryption in the copy.
CREATE ENCRYPTED DATABASE newfile FROM oldfile [ KEY newkey ] [ OLD KEY oldkey ] [ ALGORITHM algorithm
algorithm : | 'SIMPLE' | 'AES' | 'AES256' | 'AES_FIPS' | 'AES256_FIPS'
CREATE ENCRYPTED TABLE DATABASE newfile FROM oldfile [ KEY newkey ] [ OLD KEY oldkey ] [ ALGORITHM algorithm ]
ALGORITHM clause Use this clause to specify the encryption algorithm to use for newfile. If you specify a KEY clause but do not specify the ALGORITHM clause, AES (128-bit encryption) is used by default. If you specify SIMPLE for algorithm, you do not specify a KEY clause.
oldfile can be an unencrypted database, an encrypted database, or a database with table encryption enabled.
Syntax 1 takes an existing database, oldfile, and creates an encrypted copy of it, newfile.
Syntax 2 takes an existing database, oldfile, and creates a copy of it, newfile, with table encryption enabled. When you use this syntax, any tables encrypted in oldfile are encrypted in newfile as well. If no tables were encrypted in oldfile, but you want to encrypt them, you can execute an ALTER TABLE ... ENCRYPTED statement on each table you want to encrypt. See ALTER TABLE statement.
Neither syntax replaces or removes oldfile.
If oldfile uses transaction log or transaction log mirror files, they are renamed newfile.log and newfile.mlg respectively.
If oldfile contains dbspace files, an E (for encrypted) is added to the file name. For example, when you execute the CREATE ENCRYPTED DATABASE statement, the file mydbspace.dbs is changed to mydbspace.dbsE.
You can use this statement to change the encryption algorithm and key for a database. However, the CREATE ENCRYPTED DATABASE statement produces a new file (newfile), and does not replace or remove the previous version of the file (oldfile).
CREATE ENCRYPTED DATABASE and CREATE ENCRYPTED TABLE DATABASE cannot be run against a database that requires recovery. Also, these statements are not supported in procedures, triggers, events, or batches.
You can also encrypt an existing database or change an existing encryption key by unloading and reloading the database using the dbunload -an option with either -ek or -ep. See Using the dbunload utility to rebuild databases.
You can also create an encrypted database, or a database with table encryption enabled, using the CREATE DATABASE statement. See CREATE DATABASE statement.
FIPS is not available on all platforms. For a list of supported platforms, see http://www.sybase.com/detail?id=1002288.
Must be a user with DBA authority.
SQL/2003 Vendor extension.
The following example creates an encrypted copy of the demo database called demoEnc.db. The new database is encrypted with AES256 encryption.
CREATE ENCRYPTED DATABASE 'demoEnc.db' FROM 'demo.db' KEY 'Sd8f6654*Mnn' ALGORITHM 'AES256';
The following example creates a copy of the demo database called demoTableEnc.db. Table encryption is enabled on the new database. Since a key was specified with no algorithm, AES encryption is used.
CREATE ENCRYPTED TABLE DATABASE 'demoTableEnc.db' FROM 'demo.db' KEY 'Sd8f6654';
|Discuss this page in DocCommentXchange.
Send feedback about this page using email.
|Copyright © 2009, iAnywhere Solutions, Inc. - SQL Anywhere 11.0.1|