FIPS-certified encryption technology

You can use FIPS-certified security algorithms to encrypt your database files, or to encrypt communications for database client/server communication, web services, and MobiLink client/server communication.

Federal Information Processing Standard (FIPS) 140-2 specifies requirements for security algorithms. FIPS 140-2 is granted by the American and Canadian governments through the National Institute of Standards and Testing (NIST) and the Canadian Communications Security Establishment (CSE).

SQL Anywhere uses a FIPS-certified module for encryption, both from Certicom. On Windows (desktop and Windows Mobile) and Unix platforms, SQL Anywhere uses Certicom Security Builder GSE (FIPS Module v2.0). This is number 542 on the page [external link] http://csrc.nist.gov/cryptval/140-1/140val-all.htm.

Enforcing FIPS

Optionally, you can enforce the use of FIPS-certified encryption on the client or server with a FIPS option. When you set the FIPS option to on, all secure communications must be FIPS-certified. If someone tries to use non-FIPS RSA encryption, it is automatically upgraded to FIPS-certified RSA encryption. If ECC is selected, an error is reported (ECC does not support FIPS-certified encryption). The FIPS option can be set on the client or server on which you want FIPS-certified encryption to be enforced. SQL Anywhere and MobiLink servers have a -fips command line option, and clients have a fips option that can be set with the encryption connection parameter.

For information about encrypting SQL Anywhere database files with FIPS-certified encryption, see Strong encryption.

Discuss this page in DocCommentXchange.