create encryption key

The create encryption key command supports the full database encryption feature.

The database encryption key is a 256-bit symmetric key that is created in the master database and used to encrypt a database.

Syntax

create encryption key keyname
    [for algorithm]
    for database encryption
    [with
        {[master key]
        [key_length 256]
        [init_vector random]
        [[no] dual_control]}]

Parameters

Examples

Usage

  • The database encryption key does not support the pad option of the create encryption key command.
  • The database encryption key cannot be the default key for column encryption.
  • Successfully created database encryption keys are stored in the sysencryptkeys table of the master database and are indicated by this key type:
    #define EK_DBENCKEY       0x1000
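
The following is an added example, not taken from the SAP ASE documentation: it creates a database encryption key using the options in the syntax above and then lists the database encryption keys recorded in master..sysencryptkeys by testing the 0x1000 key-type bit. The key name dbkey_demo is hypothetical, the sysencryptkeys column names (id, type, eklen) are assumptions, and the master key is assumed to exist already in the master database.

```sql
-- Added example; dbkey_demo is a hypothetical key name.
-- Assumption: the master key has already been created in the master database.
use master
go

-- Create a 256-bit database encryption key protected by the master key.
-- AES is given for the optional "for algorithm" clause.
create encryption key dbkey_demo
    for AES
    for database encryption
    with master key
         key_length 256
         init_vector random
         no dual_control
go

-- Audit check: list every key whose type carries the database
-- encryption key flag EK_DBENCKEY (0x1000 = 4096).
-- Assumption: sysencryptkeys exposes the columns id, type and eklen.
select key_name   = object_name(k.id),
       key_type   = k.type,
       key_length = k.eklen
from master..sysencryptkeys k
where k.type & 4096 = 4096
go
```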

Standards

ANSI SQL – Compliance level: Transact-SQL extension.

Permissions

The permission checks for create encryption key differ, based on your granular permission settings:

  • Granular permissions enabled: SAP ASE creates a new permission called "manage database encryption key." You must have permission to create a database encryption key.
  • Granular permissions disabled: You must be a user with sso_role, keycustodian_role, or have create encryption key privilege.

Related concepts

  • Changing a Database Encryption Key
  • Dropping a Database Encryption Key
  • Back Up the Database Encryption Key
  • Full Database Encryption and System Changes
  • create archive database for Full Database Encryption
  • dbencryption_status
  • sp_helpdb
  • sp_encryption
  • ddlgen
  • sybmigrate
  • Changed System Tables

Related tasks

  • Creating the Database Encryption Key

Related reference

  • drop encryption key
  • alter database for Full Database Encryption
  • create database for Full Database Encryption