Encrypted database creation

To create an encrypted database, you can use the following:

  • The dbinit utility in combination with various options to enable strong encryption.

    The dbinit utility -ep and -ek options create a database with strong encryption, allowing you to specify the encryption key in a prompt box or on the command line. The dbinit -ea option sets the encryption algorithm to AES or AES256 (or to AES_FIPS or AES256_FIPS for the FIPS-certified algorithm). See Initialization utility (dbinit).

  • The Sybase Central Create Database Wizard to create a strongly encrypted database. See Create a database (Sybase Central).

  • The dbunload utility with options to create a new database with strong encryption. The -an option creates a new database. To specify strong encryption and the encryption key in a prompt box or on the command line use the -ep or -ek option. The -ea option sets the encryption algorithm to AES or AES256 (or to AES_FIPS or AES256_FIPS for the FIPS-certified algorithm). See Unload utility (dbunload).

  • The Sybase Central Unload Database Wizard to create a strongly encrypted database. See Export data with the Unload Database Wizard.

  • The following SQL statements:

 Create an encrypted database (SQL)
  1. Connect to an existing database from Interactive SQL.

  2. Execute a CREATE DATABASE statement that includes the ENCRYPTION clause and the KEY and ALGORITHM options.

    For example, the following statement creates a database file named myencrypteddb.db in the c:\ directory using FIPS-certified 128-bit AES encryption.

    CREATE DATABASE 'c:\\myencrypteddb.db'
    TRANSACTION LOG ON
    ENCRYPTED ON
      KEY '0kZ2o52AK#'
      ALGORITHM 'AES_FIPS';
 Create an encrypted database (command line)
  1. Use the dbinit utility to create a database. You must include -ek or -ep to specify the encryption key at a command prompt or a window, respectively.

    The following command creates a strongly encrypted database and specifies the encryption key and algorithm.

    dbinit -ek "0kZ2o56AK#" -ea AES_FIPS "myencrypteddb.db"
  2. Run the following command to start the database:

    dbeng12 myencrypteddb.db -ek "0kZ2o56AK#"
 Create an encrypted database using an existing database (SQL)
  1. Connect to an existing database (other than the one you are copying) from Interactive SQL.

  2. Encrypt the database using the CREATE ENCRYPTED DATABASE statement.

    The following statement takes the database file demo.db, and creates an AES-encrypted copy of it named encryptedDemo.db.

    CREATE ENCRYPTED DATABASE 'encryptedDemo.db'
    FROM 'demo.db'
    KEY 'abc'
    ALGORITHM 'AES';

    When you execute a CREATE ENCRYPTED DATABASE statement, you are not actually encrypting (overwriting) the file; you are creating a copy of the file in encrypted form. If there are transaction logs, transaction log mirrors, or dbspaces associated with the database, encrypted copies of those files are made as well. See CREATE ENCRYPTED DATABASE statement.

 Encrypting a database for technical support
 Comparison of CREATE ENCRYPTED DATABASE and CREATE ENCRYPTED FILE statements
 See also