Database files and log files that are used as part of the
SAP Mobile Platform
data tier can be encrypted. The databases that use this database type are the CDB, the
monitoring database, and the domain log database.
Shut down the database server.
Stop all
SAP Mobile Platform
services.
Navigate to .../UnwiredServer/bin/sqlanywhereoptions.ini to
locate the required *.db file.
Launch dbisql from SMP_HOME\Servers\SQLAnywhereXX\BINXX.
Connect to a database other than the client database you want to
encrypt.
From dbisql, issue:
CREATE ENCRYPTED DATABASE ‘newdbfile’ FROM ‘existingdbfile’ KEY ‘someKey’ ALGORITHM ‘algorithm’
Supported algorithms include:
SIMPLE
AES
AES256
AES_FIPS
AES256_FIPS
Note: FIPS options are available only as a separately licensed
option for SQLAnywhere.
Once the database files and log files are encrypted:
Shut down the database server.
Restart the database server with the -ek <encryption key> database option.
For a single node, use -ek
<encryption key> directly after the target newdbfile full path.
For a cluster node, you must change the target option
file. Then use -ek <encryption
key> directly after the target newdbfile full path as the database option.
This modifies the server start-up to use the encrypted copy of the
database file.
Restart all stopped services.
Note: If you use the Start SAP Mobile Platform Services desktop shortcut, the .ini file is overwritten. Therefore, you should set
the .ini file to as read-only for the account
that runs the database service, and prohibit all access for any other accounts, to
keep the encryption key secret.