Altering Passwords and Key Encryption Keys for Master Key Copies

Users who own master key copies can change the passwords for their key copies.

To change the password for key copies:
alter encryption key [dual] master
	with passwd char_string
	modify encryption 
	{with passwd char_string [for recovery]
		| for automatic_startup}
where:
  • char_string – (first instance) If the user is the key owner, this is the password that currently encrypts the base copy of the master or dual master key. If the user is not the key owner, this is the password that currently encrypts the user’s copy of the key.

  • char_string – (second instance) Specifies the new password for the regular or recovery copy. Do not use this parameter to enter a password for automatic_startup copies.

  • for automatic_startup – Generates a new key encryption key (KEK) and uses it to create a new automatic_startup key copy.

If neither for recovery nor for automatic_startup is specified, and the command is issued by the key owner, SAP ASE alters the base key copy password. If the command is not issued by the key owner, SAP ASE alters the password of the base key copy only if the current user has sso_role or keycustodian_role.

  • Example 1 – master key owner “Jones” creates a key copy for “Mary” using:
    alter encryption key master
         with passwd 'unforgettablethatswhatyouare'
         add encryption
         with passwd 'just4now'
         for user Mary
  • Example 2 – “Mary” changes the password for her copy using:
    alter encryption key master
         with passwd 'just4now'
         modify encryption
         with passwd 'maryspasswd'
  • Example 3 – master key owner “John” changes the password for the base key using:
    alter encryption key master
         with passwd 'unforgettablethatswhatyouare'
         modify encryption
         with passwd 'notunforgettable'
Users with sso_role or keycustodian_role can modify the automatic_startup key copies to change their key encryption keys. For example, such a user who knows the master key password can change the key encryption key of the automatic_startup key copy using:
alter encryption key master
     with passwd 'unforgettablethatswhatyouare'
     modify encryption for automatic_startup
SAP ASE:
  • Decrypts the base master key with a key encryption key derived from the password.

  • Creates a new master key encryption key and replaces the old key in the master key start-up file with this new key.

  • Creates a new automatic_startup key copy by encrypting the master key using the new master key encryption key, and replaces the old automatic_startup key copy in sysencryptkeys with this new copy.
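
The three steps above, modeled in Python as an added example (not SAP ASE code) to show that the rotation replaces only the key encryption key and the wrapped copy, while the master key and the base copy stay the same. The key derivation (PBKDF2), the model cipher, and the dictionary keys standing in for the start-up file and sysencryptkeys are assumptions made for illustration.

```python
import hashlib, hmac, os

def derive_kek(password, salt):
    # Assumption: PBKDF2 stands in for the server's password-to-KEK derivation.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _keystream(kek, nonce, n):
    blocks = (hmac.new(kek, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(kek, key):
    # Model cipher (HMAC keystream + HMAC tag), not the server's algorithm.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(key, _keystream(kek, nonce, len(key))))
    return nonce + ct + hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or key encryption key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))

def rotate_automatic_startup(store, password):
    # Step 1: decrypt the base copy with the KEK derived from the password.
    master = unwrap(derive_kek(password, store["salt"]), store["base_copy"])
    # Step 2: create a new random KEK and replace the one in the start-up file.
    store["startup_file_kek"] = os.urandom(32)
    # Step 3: re-encrypt the same master key and replace the old key copy.
    store["automatic_startup_copy"] = wrap(store["startup_file_kek"], master)

def build_store(password):
    # Constructed sample state; the dict keys are hypothetical names.
    master, salt, old_kek = os.urandom(32), os.urandom(16), os.urandom(32)
    store = {"salt": salt, "base_copy": wrap(derive_kek(password, salt), master),
             "startup_file_kek": old_kek,
             "automatic_startup_copy": wrap(old_kek, master)}
    return master, store

if __name__ == "__main__":
    master, store = build_store("unforgettablethatswhatyouare")
    old_kek = store["startup_file_kek"]
    rotate_automatic_startup(store, "unforgettablethatswhatyouare")
    recovered = unwrap(store["startup_file_kek"], store["automatic_startup_copy"])
    print("master key unchanged:", recovered == master)
    print("old KEK differs:", old_kek != store["startup_file_kek"])
```

In this model a wrong password fails at step 1, so the start-up file entry and the existing automatic_startup copy are left untouched.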