The system encryption password is a database-specific password, and is the secondary default encryption method for the CEK. That is, you need not create a master key for the database. Adaptive Server uses the system encryption password to encrypt keys created in a specified database without an explicit password clause. Once the system security officer or key custodian has set a system encryption password, you need not specify this password to process encrypted columns. Adaptive Server internally accesses the system encryption password when it needs to encrypt or decrypt column encryption keys.
The system security officer or key custodian usse sp_encryption to set the system encryption password. The system password is specific to the database using sp_encryption, and its encrypted value is stored in the sysattributes system table in that database.
sp_encryption system_encr_passwd, password
password can be as many as 255 bytes in length.
Set a system encryption password only in the database where encryption keys are created.
The system encryption password protects your encryption keys. Choose long and complex system encryption passwords. Longer passwords are harder to guess or crack by brute force. Include uppercase and lowercase letters, numbers, and special characters in the system encryption password. Sybase recommends that the system encryption password be at least 16 bytes in length.
Adaptive Server enforces compliance of the system encryption password with the minimum password length and check password for digit configuration parameters.
Change the system password by using sp_encryption and supplying the old password:
sp_encryption system_encr_passwd, password [ , old_password]
Periodically change the system encryption password, especially when an administrator who knows the system encryption password leaves the company. When the system password is changed, Adaptive Server automatically reencrypts all keys in the database with the new password. Encrypted data is unaffected when the system password is changed, in other words, it is not decrypted and reencrypted.
You can u-set the system encryption password by supplying “null” as the argument for password and supplying the value for old_password. Unset the system password only if you have dropped all the encryption keys in that database that were encrypted by the system encryption password.