Encrypting all data on the device client requires multiple techniques.
| Component | Implementation notes |
|---|---|
| Device data | Sybase recommend full device encryption with Afaria. See the Afaria documentation for details. |
| Device client database |
(Not applicable to Online Data Proxy) A <package>DB.generateEncryptionKey() method in the Object API for MBO packages should always be used during application initialization. It computes a random AES-128 bit encryption key used to encrypt the client database. The encryption key is stored in the data vault. |
| Data vault | The DataVault APIs provide a secure way to persist and encrypt data on the device. The data vault uses AES-128 symmetric encryption of all its contents. The AES key is computed as a hash of the passcode provided and a "salt" value that is usually set by the SUP device application developer. |