drop encryption key ensures that there are no remaining references to the encryption key, and then deletes it. You cannot drop a nonexistent syb_extpasswdkey or syb_syscommkey_dddddd. To ensure that you delete all hidden text keys, use sp_encryption to identify all existing keys.
If your ASE_ENCRYPTION license has expired,
encrypted data is no longer available, and you cannot execute the drop
encryption key command. Contact Sybase Technical Support
to obtain a temporary license.
A user with sso_role or keycustodian_role can delete an unused service key for external logins using:
drop encryption key syb_extpasswdkey with password encryption downgrade
When with password encryption downgrade is specified, Adaptive Server resets external login passwords with the algorithm used in versions earlier then 15.7. The Replication Agent password, and the CIS and RTMS external login passwords are reset to an invalid value. The administrator must manually reenter the passwords, after the key is dropped, to resume usage of the corresponding services.
A user with sso_role or keycustodian_role can delete an unused service key for hidden text by using:
This command to indicate you are dropping a single key:
drop encryption key syb_syscommkey_dddddd
Adaptive Server checks if there are any references to the specified key _dddddd, and drops the key if no references are found.
Because syb_syscommkey_dddddd indicates a single key, you cannot specify syb_syscommkey_dddddd with the with text encryption downgrade parameter.
This command to indicate you are dropping multiple keys:
drop encryption key syb_syscommkey with text encryption downgrade
If you specify with text encryption downgrade, you cannot specify a single service key with syb_syscommkey_dddddd, only with syb_syscommkey.
Without the “dddddd” suffix for the syb_syscommkey, Adaptive Server reencrypts all the hidden text in syscomments with the algorithm used in versions earlier than 15.7, and drops all syb_syscommkey_dddddd keys
