Encrypting data

You can encrypt or obfuscate your UltraLite database using UltraLite embedded SQL.

See Encrypting data.

Encryption

When an UltraLite database is created (using Sybase Central for example), an optional encryption key may be specified. The encryption key is used to encrypt the database. Once the database is encrypted, all subsequent connection attempts must supply the encryption key. The supplied key is checked against the original encryption key and the connection fails unless the key matches.

Choose an encryption key value that cannot be easily guessed. The key can be of arbitrary length, but generally a longer key is better, because a shorter key is easier to guess. Including a combination of numbers, letters, and special characters decreases the chances of someone guessing the key.

Do not include semicolons in your key. Do not put the key itself in quotes, or the quotes will be considered part of the key.

To connect to an encrypted UltraLite database

  1. Specify the encryption key in the connection string used in the EXEC SQL CONNECT statement.

    The encryption key is specified with the key= connection string parameter.

    You must supply this key each time you want to connect to the database. Lost or forgotten keys result in completely inaccessible databases.

  2. Handle attempts to open an encrypted database with the wrong key.

    If an attempt is made to open an encrypted database and the wrong key is supplied, db_init returns ul_false and SQLCODE -840 is set.
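The key rules and the connection step above can be enforced before a key ever reaches the connection string. The following C helper is an added example, not code from the UltraLite documentation. The names check_key, build_conn_string and wipe, the status codes, the sample file name and key, and the dbf= parameter are assumptions of this example, and rejecting a quoted key outright is this example's policy choice.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example; not part of the UltraLite API. */
enum key_status { KEY_OK, KEY_EMPTY, KEY_HAS_SEMICOLON, KEY_QUOTED, KEY_TOO_LONG };

/* Apply the key rules stated above before the key reaches a connection string. */
enum key_status check_key(const char *key)
{
    size_t n = key ? strlen(key) : 0;
    if (n == 0) return KEY_EMPTY;
    if (strchr(key, ';'))            /* ';' separates connection parameters */
        return KEY_HAS_SEMICOLON;
    if (n >= 2 && (key[0] == '"' || key[0] == '\'') && key[n - 1] == key[0])
        return KEY_QUOTED;           /* quotes would become part of the key */
    return KEY_OK;
}

/* Overwrite a buffer that held key material; volatile keeps the stores. */
void wipe(char *buf, size_t len)
{
    volatile char *p = buf;
    while (len--) *p++ = 0;
}

/* Write "dbf=<dbfile>;key=<key>" into out. The dbf= parameter name is an
 * assumption of this example; only key= appears in the text above. */
enum key_status build_conn_string(char *out, size_t outlen,
                                  const char *dbfile, const char *key)
{
    enum key_status st = check_key(key);
    if (st != KEY_OK) return st;
    int n = snprintf(out, outlen, "dbf=%s;key=%s", dbfile, key);
    if (n < 0 || (size_t)n >= outlen) {
        wipe(out, outlen);           /* do not leave a truncated key behind */
        return KEY_TOO_LONG;
    }
    return KEY_OK;
}

int main(void)
{
    char conn[128];                  /* sample values below are constructed */
    enum key_status st = build_conn_string(conn, sizeof conn, "sample.udb", "t4k3-Th1s#k3y");
    printf("status=%d\n", st);       /* on KEY_OK: connect; SQLCODE -840 = wrong key */
    wipe(conn, sizeof conn);         /* clear the key once the connection attempt is done */
    return 0;
}
```

On KEY_OK the string is what the application would hand to the EXEC SQL CONNECT statement; a truncated string is wiped rather than used, since connecting with a cut-off key would fail as a wrong key.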

Changing the encryption key

You can change the encryption key for a database. The application must already be connected to the database using the existing key before the change can be made.

To change the encryption key on an UltraLite database

  • Call the ULChangeEncryptionKey function, supplying the new key as an argument.

    The application must already be connected to the database using the old key before this function is called.

    See ULChangeEncryptionKey function.

Obfuscation

To obfuscate an UltraLite database

  • As an alternative to database encryption, you can specify that the database is to be obfuscated. Obfuscation is a simple masking of the data in the database, intended to prevent browsing of the data with a low-level file examination utility. Obfuscation is a database creation option and must be specified when the database is created.

    See Choosing database creation parameters for UltraLite.