Column encryption in Sybase IQ

Strong encryption of the Sybase IQ database file uses a 128-bit algorithm and a security key. The data is unreadable and virtually undecipherable without the key. The algorithm supported is described in FIPS-197, the Federal Information Processing Standard for the Advanced Encryption Standard.

Sybase IQ supports user-encrypted columns through the AES_ENCRYPT and AES_DECRYPT functions and the LOAD TABLE ENCRYPTED clause. These functions let the application explicitly encrypt and decrypt column data through function calls. Managing the encryption and decryption keys is the responsibility of the application.

Users must be specifically licensed to use the encrypted column functionality of the Sybase IQ Advanced Security Option described in this product documentation.

Certain database options affect column encryption. Before using this feature, see “Setting database options for column encryption”.
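How the AES_ENCRYPT and AES_DECRYPT calls named above fit together, as an added example that is not taken from the product documentation. The table, column width, variable name, and values are constructed; the argument order assumed is AES_ENCRYPT(plaintext, key) and AES_DECRYPT(ciphertext, key, original data type).

```sql
-- Constructed schema and values for illustration only.
-- Ciphertext is binary, so the encrypted column is VARBINARY rather than CHAR.
CREATE TABLE customer (
    id      INT NOT NULL,
    ssn_enc VARBINARY(128)   -- assumed, deliberately generous width for the ciphertext
);

-- The database does not store or manage the key. The application obtains it
-- from its own key store and supplies it on every call. Here it is held in a
-- connection-level variable (hypothetical name) so that it is not repeated
-- in each statement.
CREATE VARIABLE app_col_key VARCHAR(32);
SET app_col_key = '<key-from-application-key-store>';   -- placeholder, not a real key

-- Encrypt on the way in. The explicit CAST fixes the plaintext type,
-- which must be named again when decrypting.
INSERT INTO customer (id, ssn_enc)
VALUES (1, AES_ENCRYPT(CAST('123-45-6789' AS CHAR(11)), app_col_key));

-- Reading the column directly returns ciphertext only.
SELECT id, ssn_enc FROM customer;

-- Decrypt with the same key string (symmetric encryption); the third
-- argument is the data type of the original plaintext.
SELECT id, AES_DECRYPT(ssn_enc, app_col_key, CHAR(11)) AS ssn
FROM customer;

-- Drop the variable so the key does not outlive its use on this connection.
DROP VARIABLE app_col_key;
```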

Definitions

The following terms are used when describing encryption of stored data.

plaintext: Data in its original, intelligible form. Plaintext is not limited to string data, but is used to describe any data in its original representation.

ciphertext: Data in an unintelligible form that preserves the information content of the plaintext form.

encryption: A reversible transformation of data from plaintext to ciphertext. Also known as enciphering.

decryption: The reverse transformation of ciphertext back to plaintext. Also known as deciphering.

key: A number used to encrypt or decrypt data. Symmetric-key encryption systems use the same key for both encryption and decryption. Asymmetric-key systems use one key for encryption and a different (but mathematically related) key for decryption. The Sybase IQ interfaces accept character strings as keys.

Rijndael: Pronounced “reign dahl.” A specific encryption algorithm that supports a variety of key and block sizes. The algorithm was designed to use simple whole-byte operations and thus is relatively easy to implement in software.

AES: The Advanced Encryption Standard, a FIPS-approved cryptographic algorithm for the protection of sensitive (but unclassified) electronic data. AES adopted the Rijndael algorithm with restrictions on the block sizes and key lengths. AES is the algorithm supported by Sybase IQ.