Adaptive Server version 15.7 adds dual control of encryption keys and unattended startup.
Changes for dual control and split knowledge, and for unattended startup, include:
- The master and dual master system keys are database-level keys created by users with the sso_role or keycustodian_role. They are used as key-encryption keys (KEKs) for user-created encryption keys, which provides better security and split knowledge for data encryption keys. The master key replaces the current system encryption password, which Adaptive Server continues to support for backward compatibility. Sybase recommends that users no longer use system encryption passwords to encrypt data encryption keys.
- The ability to supply passwords for the master and dual master keys with SQL commands and through a private file. Passwords for the master keys are non-persistent: they are not stored in the database.
- The ability to protect all user-created keys through dual control and split knowledge.
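
The dual-control workflow described in the list above, as an added example that is not taken from the Sybase documentation. The statement forms are assumed from Adaptive Server 15.7 syntax and should be checked against the Encrypted Columns Users Guide; the key name `ssn_key`, the passwords, and the two-custodian split are constructed for illustration.

```sql
-- Constructed example: key name and passwords are placeholders.

-- Custodian A (sso_role or keycustodian_role) creates the master key
-- in the current database.
create encryption key master with passwd 'CustodianA-Passphrase-1'
go

-- Custodian B creates the dual master key with a password only B knows,
-- so neither custodian alone holds everything needed (split knowledge).
create encryption key dual master with passwd 'CustodianB-Passphrase-2'
go

-- A user-created data encryption key protected under dual control:
-- the master and dual master keys together act as its KEKs.
create encryption key ssn_key with dual_control
go

-- Master key passwords are not stored in the database, so each custodian
-- supplies their own password before keys protected by them can be used.
set encryption passwd 'CustodianA-Passphrase-1' for key master
go
set encryption passwd 'CustodianB-Passphrase-2' for key dual master
go
```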
See the Encrypted Columns Users Guide.