Use the following procedure to downgrade from a 12.5.4 server to an earlier version of 12.5.x when encrypted columns has been configured.
If encrypted columns are not currently enabled, the system security officer executes:
sp_configure 'enable encrypted columns',1
Use drop or alter to decrypt all tables with encrypted columns in all databases. The system security officer runs the following command in each database where encryption keys were created to list all encryption keys created in that database:
sp_encryption help
For each key listed, the system security officer runs the following to see a list of columns encrypted with a particular key:
sp_encryption help, <keyname>, 'display_cols'
For each encrypted column, one of the following steps must be performed:
alter table to decrypt the encrypted column
alter table to drop the encrypted columns
drop the table containing the encrypted column
After the data encryption has been removed, drop the encryption key.
To guarantee that no other user can access Adaptive Server while a system table is removed, restart the server in single-user mode. See the Utility Guide for details on starting the server in single-user mode.
To remove the sysencryptkeys catalog and the new columns in syscolumns from each database, a user with sso_role and sa_role must execute:
sp_encryption remove_catalog
If a database is unavailable, the command prints an error and exits. You should bring the unavailable database online and execute sp_encryption remove_catalog again.
If columns encrypted by any key in sysencryptkeys exist, the command does not drop sysencryptkeys, but prints an error or warning and continues with the next database. If sp_encryption is successful in removing sysencryptkeys and the new columns from syscolumns, it also removes these rows from sysattributes in each database:
The record of the upgrade item that added sysencryptkeys
The record of the upgrade item that added the new columns in syscolumns
The system encryption password for the database
Drop the system stored procedure sp_encryption from the sybsystemprocs database.
Shut down the server. You can now use a 12.5.x Adaptive Server binary from a pre-12.5.4 release area.
Copy the RUN_SERVER file to a 12.5.x release area and modify it to use the data server binary from the 12.5.x release area.
Restart the server using the modified RUN_SERVER file.
Run the 12.5.x version of installmaster to return stored procedures to their original version.
To re-enable encrypted columns, when rolling forward from a downgraded 12.5.4 server back to 12.5.4, configure enable encrypted columns. Upon restarting the 12.5.4 server, the sysencryptkeys system table and the new columns in syscolumns are installed in each database.