Create
a database encryption key using a specified encryption method.
Prerequisites
Before you can create a database encryption key (DEK):
- Verify that you have a valid SAP ASE encryption feature license
(ASE_ENCRYPTION)
- Create a key encryption key (KEK). This can be a master key or dual master key;
these both protect the database encryption key (DEK). See Using
Database-Level Master and Dual Master Keys in the Encrypted
Columns Users Guide.
- Set the sp_configure enable encrypted
columns configuration parameter.
- Ensure that you have the appropriate privileges. With:
- Granular permissions enabled – you must have permission to execute
manage database encryption key to create a database
encryption key.
- Granular permissions disabled – you must have sso_role, keycustodian_role,
or execute permission on the create encryption key
command.
Task- In
the left pane of the Administration Console, expand
- Click Database Encryption Keys
- Select New
- In the Introduction screen, select:
- The server where the encryption key is being defined
- The key owner
These fields are cannot be modified if you do not have:
- Any servers enabled for database encryption
- A master key for the master database in your selected
server
- On the Encryption Key Name screen, enter a database encryption key name.
- On the Algorithm screen, select with dual master key if
there is a dual master key in the master database.
- (Optional) Click Summary to verify your settings:
- Key name
- Key length – 256.
- Encrypted by – master key.
- Initialization vector – random.
- Encrypted by
dual_control(master key + dual master key) – if you
selected with dual master key on the Algorithm
screen.