FIPS Support in Sybase IQ

Sybase IQ includes enhancements to its FIPS-approved (Federal Information Processing Standards) encryption technology. FIPS is supported on all platforms supported by Sybase IQ.

The main impact of FIPS support for Sybase IQ is that encryption can be nondeterministic, which is now the default behavior. A nondeterministic algorithm is one in which the same input yields different output values each time: when you use a key to encrypt a string, the encrypted string is different each time. The algorithm can still decrypt the nondeterministic result using the key. This feature makes the encryption algorithm more difficult to analyze, and the encryption more secure.
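The behavior described above, as an added Python example that is not Sybase IQ code: a random per-message nonce makes two encryptions of the same string under the same key differ, both still decrypt, and comparing ciphertexts no longer reveals equal plaintexts. The cipher is a stand-in (HMAC-SHA256 in counter mode, no integrity check), and the function names, nonce size, key and sample value are all assumptions constructed for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

NONCE_LEN = 16  # bytes of per-message randomness (assumed size for this demo)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode. Not the product's algorithm.
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    # A fresh random nonce per call is what makes the output nondeterministic.
    # The nonce is not secret; it is stored in front of the ciphertext.
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key: bytes, blob: bytes) -> bytes:
    # Recover the nonce from the blob, regenerate the keystream, undo the XOR.
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def demo() -> dict:
    key = hashlib.sha256(b"constructed demo key").digest()
    value = b"account 0042"  # constructed sample plaintext
    fixed = bytes(NONCE_LEN)  # all-zero nonce: deterministic mode, for contrast only
    det_a, det_b = encrypt(key, value, fixed), encrypt(key, value, fixed)
    rnd_a, rnd_b = encrypt(key, value), encrypt(key, value)
    return {
        "deterministic_match": det_a == det_b,
        "nondeterministic_match": rnd_a == rnd_b,
        "decrypted": [decrypt(key, rnd_a), decrypt(key, rnd_b)],
    }
```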

Support of FIPS is part of the separately licensed Sybase IQ Advanced Security Option.

Both RSA and FIPS security are included with Sybase IQ. RSA encryption requires no separate libraries, but FIPS requires two optional libraries: dbfips11.dll and sbgse2.dll. The library sbgse2.dll is provided by Certicom. Both security models require certificates. The rsaserver certificate has been renamed from rsaserver.crt to rsaserver.id.

FIPS also requires this registry setting, which is set automatically by the Sybase IQ installation utility:

[HKEY_LOCAL_MACHINE\SOFTWARE\Certicom\libsb]
"expectedtag"=hex:5b,0f,4f,a6,e2,4a,ef,3b,44,07,05,2e,b0,49,02,71,1f,d9,91,b6

See SQL Anywhere 11.0.1 > SQL Anywhere Server – Database Administration > Security > Transport-layer security and SQL Anywhere 11.0.1 > SQL Anywhere Server – Database Administration > Security > Keeping your data secure.