Table encryption allows you to encrypt tables or materialized views with sensitive data without the performance impact that encrypting the entire database might cause. When table encryption is enabled, table pages for the encrypted table, associated index pages, and temporary file pages are encrypted. The transaction log pages that contain transactions on encrypted tables are also encrypted.
For information about encrypting materialized views, see Encrypting or decrypting a materialized view.
To encrypt tables in your database, you must have table encryption enabled. Enabling table encryption must be done at database initialization. To see whether table encryption is enabled, query the EncryptionScope database property using the DB_PROPERTY function, as follows:
SELECT DB_PROPERTY( 'EncryptionScope' ); |
If the return value is TABLE, table encryption is enabled.
To see the encryption algorithm in effect for table encryption, query the Encryption database property using the DB_PROPERTY function, as follows:
SELECT DB_PROPERTY( 'Encryption' ); |
For a list of supported encryption algorithms, see Database encryption and decryption.
Performance impact of table encryption Starting a database that has table encryption enabled Enabling table encryption in the databaseTable encryption must be enabled and configured at database creation time. You must re-create the database with table encryption enabled if your database does not have table encryption enabled, or if you have database encryption in effect.
Create a database with table encryption (SQL)Create a database with the CREATE DATABASE statement, and specify a key and an encryption algorithm.
The following command creates the database new.db with strong encryption enabled for tables using the key abc, and the AES256_FIPS encryption algorithm:
CREATE DATABASE 'new.db' ENCRYPTED TABLE KEY 'abc' ALGORITHM 'AES256_FIPS'; |
Later, when you encrypt a table in this database, the AES256_FIPS algorithm and abc key are used.
Create a database with table encryption (command line)Create a database with the dbinit -et and -ek options, and specify a key and an encryption algorithm.
The following command creates the database new.db with strong encryption enabled for tables using the key abc and the AES256_FIPS encryption algorithm:
dbinit new.db -et -ek abc -ea AES256_FIPS |
Later, when you encrypt a table in this database, the AES256_FIPS algorithm and abc key are used.
Create a database with table encryption using an existing database (SQL)Create an encrypted copy of the database with the CREATE ENCRYPTED TABLE DATABASE statement, and specify a key.
The following example creates a database called contacts2 from an existing database called contacts1. The new database supports encrypted tables.
CREATE ENCRYPTED TABLE DATABASE 'contacts2.db' FROM 'contacts1.db' KEY 'Sd8f6654' OLD KEY 'Sc8e5543'; |
Later, when you encrypt a table in this database, the AES algorithm and Sd8f6654 key are used.
Encrypting a tableTo encrypt tables in your database, table encryption must already be enabled in the database. See Enabling table encryption in the database.
When you encrypt a table, the encryption algorithm and key that were specified at database creation time are used.
Encrypt a table at table creation (SQL)Create a table using the ENCRYPTED clause of the CREATE TABLE statement.
The following command creates an encrypted table named MyEmployees:
CREATE TABLE MyEmployees ( MemberID CHAR(40), CardNumber INTEGER ) ENCRYPTED; |
Encrypt a table after it has been created (SQL)Encrypt a table with the ENCRYPTED clause of the ALTER TABLE statement.
The following statements create a table called MyEmployees2 and then encrypt it.
CREATE TABLE MyEmployees2 ( MemberID CHAR(40), CardNumber INTEGER ); ALTER TABLE MyEmployees2 ENCRYPTED; |
See also |
Discuss this page in DocCommentXchange.
|
Copyright © 2012, iAnywhere Solutions, Inc. - SQL Anywhere 12.0.1 |