Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SQL Anywhere 17 » SQL Anywhere Server - SQL Reference » SQL statements » Alphabetical list of SQL statements


Creates a decrypted copy of a strongly encrypted database, and can be used to create decrypted copies of transaction logs, transaction log mirrors, and dbspaces.

FROM oldfile KEY key
  • FROM clause

    Lists the file name of the encrypted file.

  • KEY clause

    Lists the key required to access the encrypted file. The key can be either a string or a variable name.


The CREATE DECRYPTED DATABASE statement is the recommended method for decrypting a database. If the CREATE DECRYPTED DATABASE statement fails, then use the CREATE DECRYPTED FILE statement. The CREATE DECRYPTED FILE statement is often used when you have to decrypt a database for support Technical Support purposes. You can also use this statement to decrypt an associated database file, such as a transaction log, transaction log mirror, or dbspace files.

In addition to decrypting the database file, the CREATE DECRYPTED DATABASE statement automatically decrypts any associated files, such as the transaction log, transaction log mirror, and dbspace files. If you use the CREATE DECRYPTED FILE statement, you must decrypt the associated files individually.

The original database file must be strongly encrypted using an encryption key. The resulting file is an exact copy of the encrypted file, without encryption and therefore requiring no encryption key.

If disk sandboxing is enabled, then database operations are limited to the directory where the main database file is located.

If a database is decrypted using this statement, then the corresponding transaction log file (and any dbspaces) must also be decrypted to use the database.

If a database requiring recovery is decrypted, its transaction log file must also be decrypted and recovery on the new database is necessary. The name of the transaction log file remains the same in this process, so if the database and transaction log file are renamed, then you need to run dblog -t on the resulting database.

You cannot use this statement on a database that has table encryption enabled. If you have tables you want to decrypt, use the NOT ENCRYPTED clause of the ALTER TABLE statements to decrypt them.

Note For databases created with SQL Anywhere 12 or later, the ISYSCOLSTAT, ISYSUSER, and ISYSEXTERNLOGIN system tables always remain encrypted to protect the data from unauthorized access to the database file.

This statement is not supported in procedures, triggers, events, or batches.

You cannot be connected to the database you are decrypting. You must be connected to a different database. For example, connect to the utility database. The database that you are encrypting must not be running.


Your ability to execute this statement depends on the setting for the -gu database option, and whether you have the SERVER OPERATOR system privilege.

Side effects


  • ANSI/ISO SQL Standard

    Not in the standard.


The following example decrypts a fictitious encrypted database called encContacts, and creates a new unencrypted database called contacts.

FROM 'encContacts.db'
KEY 'Sd8f6654*Mnn';