Originally, ASE encrypted columns relied on the ASE permission system to protect encrypted data. This required decrypt permissions to reference encrypted columns in selected target lists and did not prevent unauthorized administrators from accessing data.
The new feature allows keys and encrypted columns to be protected with passwords supplied by non-administrators. The passwords are used by ASE 15.0.2 to access encrypted data and are set by entering:
set encryption passwd <password> for [key | column] <key_name | column_name>
The new feature supports encrypted columns in bcp, which is the bulk copy utility used to move data between ASE and the Operating System (OS) file.
Originally, bcp with -C allowed copying of encrypted column data in the encrypted format. Correspondingly, bcp without -C allowed copying of encrypted column data in the decrypted format.
The new feature requires passwords for bcp to copy decrypted formats to OS files. Conversely, unencrypted data from an OS file can be copied into an encrypted column in encrypted format.
To use the new feature, you require a database server
with extended support for encrypted columns, such as ASE 15.0.2.
