Database security

You can encrypt or obfuscate your databases. Encryption provides secure representation of the data in the database whereas obfuscation only prevents casual observation of the contents of the database.

By default, databases are not encrypted or obfuscated. Text and binary columns can be read when using a viewing tool such as a hex editor. Consider the following options if you do not want your data stored as plain text:

  • Obfuscation

    This option provides protection against casual attempts to access data in the database but does not provide as much security as strong encryption. Obfuscation has a minimal performance impact. You do not need any special configuration to use simple obfuscation on your device.

  • AES 256-bit encryption

    This option encrypts databases with an AES 256-bit algorithm. Strong encryption provides security against skilled and determined attempts to gain access to the data. You do not need any special configuration to use AES encryption on your device.

  • FIPS 140-2 certified AES 256-bit encryption

    Encryption libraries certified to comply with the FIPS 140-2 computer security standard, Security Requirements for Cryptographic Modules, are provided under a separate license. FIPS-certified AES encryption requires that you configure your device appropriately.
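To check on your own build that column data is no longer readable in the raw file, store a known canary string in a text column and scan the database file for it. The following is an added example, not part of the SQL Anywhere documentation; the canary value, the sample file images, the encodings searched, and the 7.5 bits-per-byte threshold are constructed assumptions rather than UltraLite specifics.

```python
import math
import os
from collections import Counter

# Encodings in which a text value might be laid out on disk (assumption).
ENCODINGS = ("utf-8", "utf-16-le")

def find_canary(data, canary):
    """Return (encoding, offset) for every verbatim occurrence of the canary."""
    hits = []
    for enc in ENCODINGS:
        needle = canary.encode(enc)
        pos = data.find(needle)
        while pos != -1:
            hits.append((enc, pos))
            pos = data.find(needle, pos + 1)
    return hits

def shannon_entropy(data):
    """Bits per byte: near 8.0 for ciphertext, far lower for plain records."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def audit(data, canary, min_entropy=7.5):
    """Report whether a raw file image leaks the canary or looks unencrypted."""
    hits = find_canary(data, canary)
    entropy = shannon_entropy(data)
    return {
        "canary_hits": hits,
        "entropy": round(entropy, 3),
        "plaintext_exposed": bool(hits),
        "looks_encrypted": not hits and entropy >= min_entropy,
    }

# Constructed sample images, not real UltraLite database files.
CANARY = "CANARY-7f3a-customer-note"
PLAIN_IMAGE = b"\x00" * 512 + b"row:" + CANARY.encode("utf-8") + b"\x00" * 512
WIDE_IMAGE = b"\x00" * 256 + CANARY.encode("utf-16-le") + b"\x00" * 256
RANDOM_IMAGE = os.urandom(65536)  # stands in for strongly encrypted pages

if __name__ == "__main__":
    for name, image in (("plain", PLAIN_IMAGE), ("wide", WIDE_IMAGE),
                        ("random", RANDOM_IMAGE)):
        print(name, audit(image, CANARY))
```

A canary miss only shows that the value is not stored verbatim; it does not tell you whether the file is obfuscated or strongly encrypted, so treat the entropy figure as a hint and confirm the creation options used.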

Database obfuscation

To obfuscate data, specify obfuscate=1 as a database creation parameter when you create your database. End users do not need to supply a corresponding connection parameter.

To obfuscate data with the UltraLiteJ API, use the ConfigPersistent.enableObfuscation method during database creation.

Database encryption

Encryption keys should contain a combination of characters, numbers, and special symbols to be effective. Long encryption keys reduce the chances of someone guessing the key.

Note

After the database is encrypted, the encryption key cannot be recovered.

Using SQL Central wizards, you can specify UltraLite database encryption options during creation by clicking the Encrypt the database option and then clicking Use strong encryption. Select one of the AES algorithms and then enter an encryption key.

Using the ulinit utility, you can specify encryption using the -e option. Use the --fips option to specify whether to use FIPS-certified encryption. Specify the encryption key with the -k (--key) option.

UltraLite API encryption options are available when creating a database.

Caution

You can change the encryption key after the database has been created, but only with extreme caution.

This operation is costly and is non-recoverable. You can lose your database entirely if your operation terminates mid-course.

For strongly encrypted databases, store a copy of the key in a safe location. If you lose the encryption key, there is no way to access the data, even with the assistance of Technical Support. The database must be discarded and you must create a new database.

The DBKEY parameter must be supplied when connecting to the database; otherwise, the connection fails. Encryption keys should be treated as sensitive information.