Database files and log files that are used as part of the Sybase Unwired Platform data tier can be encrypted. The databases that use this database type are the CDB, the monitoring database, and the domain log database.

1. Shut down the database server.
2. Stop all Sybase Unwired Platform services.
3. Navigate to .../UnwiredServer/bin/sqlanywhereoptions.ini to locate the required *.db file.
4. Launch dbisql from SUP_HOME\Servers\SQLAnywhereXX\BINXX.
5. Connect to a database, other than the client database you want to encrypt.
6. From dbisql, issue:

    CREATE ENCRYPTED DATABASE 'newdbfile' FROM 'existingdbfile' KEY 'someKey' ALGORITHM 'algorithm'

   Supported algorithms include:
   - SIMPLE
   - AES
   - AES256
   - AES_FIPS
   - AES256_FIPS

   Note: FIPS options are available only as a separately licensed option for SQLAnywhere.

7. Once the database files and log files are encrypted:
   a. Shut down the database server.
   b. Restart the database server with the -ek <encryption key> database option.
      - For a single node, use the -ek <encryption key> directly after the target newdbfile full path.
      - For a cluster node, you must change the target option file. Use the -ek <encryption key> directly after the target newdbfile full path as a database option.

   This modifies the server startup to use the encrypted copy of the database file.

8. Restart all stopped services.

Note: If you use the Start Sybase Unwired Platform Services desktop shortcut, the .ini file is overwritten. Therefore, you should set the .ini file to read-only for the account that runs the database service and prohibit all access for any other accounts in order to keep the encryption key secret.
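
One way to apply and then audit the file permissions described in the note above, as an added example that is not part of the original documentation. It assumes a Windows host with icacls available and an elevated session running as the file's owner; $IniPath and $ServiceAccount are placeholders for the site-specific option file path and the account that runs the database service.

```powershell
# Added example (not from the product documentation).
param(
    [Parameter(Mandatory)] [string] $IniPath,        # full path to sqlanywhereoptions.ini (site-specific)
    [Parameter(Mandatory)] [string] $ServiceAccount  # account that runs the database service (placeholder)
)

$sidType = [System.Security.Principal.SecurityIdentifier]
# Resolve the account first so a typo fails before any permission is changed.
$serviceSid = (New-Object System.Security.Principal.NTAccount($ServiceAccount)).Translate($sidType)

# 1. Drop explicit ACEs by resetting the file to its inherited defaults.
icacls $IniPath /reset | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls /reset failed for $IniPath" }

# 2. Remove the inherited ACEs and grant the service account read-only access.
icacls $IniPath /inheritance:r /grant:r "${ServiceAccount}:(R)" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls /grant failed for $IniPath" }

# 3. Audit the result: any other account, or any write-type right, is a finding.
$writeRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$problems = foreach ($ace in (Get-Acl -LiteralPath $IniPath).Access) {
    $aceSid = $ace.IdentityReference.Translate($sidType)
    if ($aceSid.Value -ne $serviceSid.Value) {
        "Unexpected account: $($ace.IdentityReference) ($($ace.FileSystemRights))"
    } elseif ($ace.AccessControlType -eq 'Allow' -and ($ace.FileSystemRights -band $writeRights)) {
        "Service account can modify the file: $($ace.FileSystemRights)"
    }
}

if ($problems) { $problems | Write-Warning; exit 1 }
Write-Output "OK: only $ServiceAccount can read $IniPath"
```

Run the audit again after any step that rewrites the .ini file, since a recreated file picks up inherited permissions from its folder.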