Specifying encryption on new tables

To encrypt columns in a new table, use the encrypt column qualifier on the create table statement. The following partial syntax for create table includes only clauses that are specific to encryption. See the Reference Manual: Commands.

create table table_name
   (column_name
   . . .
   [constraint_specification]
   [encrypt [with [database.[owner].]keyname]]
   [, next_column_specification . . .]
   )

Note: You cannot encrypt a computed column, and an encrypted column cannot appear in an expression that defines a computed column. You cannot specify an encrypted column in the partition_clause of a table.

The following example creates two keys: a database default key, and another key (cc_key), which you must name in the create table command. Both keys use default values for key length and initialization vector. The ssn column in employee_table is encrypted using the default key, and the creditcard column in the customer table is encrypted with cc_key:

create encryption key new_key as default for AES
create encryption key cc_key

create table employee_table (ssn char(15) encrypt,
   ename char(50), ...)

create table customer (creditcard char(20)
   encrypt with cc_key, cc_name char(50), ...)

This example creates key k1, which uses nondefault values for the initialization vector and random pad. The employee esalary column is padded with random data before encryption:

create encryption key k1 init_vector null pad random
create table employee (eid int, esalary money encrypt with k1, ...)
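
The restrictions in the note above and the database.owner.keyname form from the syntax can be seen together in the following added example, which is not from the original manual. The keydb and hr_db databases, the pay_key key, and the payroll table with its columns are assumed names; go is the isql batch terminator.

```sql
-- Added example with constructed names; not from the original manual.
-- Assumption: keydb and hr_db already exist and the login may create keys.

-- Keep the key in a separate database so it is not stored with the data.
use keydb
go
create encryption key pay_key for AES
go

use hr_db
go
create table payroll (
    eid       int       not null,
    region    int       not null,
    ename     char(50)  not null,
    -- Fully qualified key name: database.owner.keyname
    ssn       char(15)  encrypt with keydb.dbo.pay_key,
    -- Nullability comes before the encrypt qualifier
    esalary   money     null encrypt with keydb.dbo.pay_key,
    -- Allowed: the computed column is built only from an unencrypted column
    ename_uc  as upper(ename) materialized
    -- Not allowed per the note: a computed column defined on an encrypted
    -- column, for example
    --     bonus as (esalary * 0.10)
    -- and not allowed: adding the encrypt qualifier to ename_uc itself.
)
-- Allowed: the partition key (region) is not encrypted.
-- Not allowed per the note: partition by range (ssn) or (esalary).
partition by range (region)
    (p_low  values <= (100),
     p_high values <= (MAX))
go
```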