Replicating encrypted columns

As of version 15.0, Replication Server supports replication of encrypted columns in Adaptive Server. Replication Server replicates encrypted columns from the primary Adaptive Server database in binary format, as ciphertext values rather than clear text values.

The encryption keys for the primary and the replicate databases must be identical. Use replication to create the encryption key at the replicate database, or use a dump and load command to ensure that the encryption keys are identical.

Replication Server in a warm standby and in an MSA environment replicates the create, alter, and drop commands of the encryption keys. It also replicates alter table to encrypt or decrypt a column. To replicate the create, alter, and drop encryption key DDL commands, the system_encr_passwd must be identical for both the primary and the replicate databases.

If the encryption keys are stored in a separate database, ensure that it is synchronized at the same time as the database containing the encrypted columns using those encryption keys.

If data has diverged between the primary and the replicate databases because of earlier encryption keys or because of differences between the initialization vector and the padding, manually sync the data to avoid failures of update and delete statements.
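
The following simplified model of the divergence described above is an added example and is not part of the Replication Server documentation. It assumes a replicated update locates its row by the ciphertext of an encrypted column, and it uses an HMAC-SHA256 keystream as a stand-in for the cipher Adaptive Server uses; the table layout, the `ssn` and `balance` columns, and the keys are constructed.

```python
import hashlib
import hmac
import os

def encrypt(key, clear, iv=b""):
    # Stand-in cipher for this demo (HMAC-SHA256 keystream XOR), not the
    # algorithm Adaptive Server uses. Output is iv || ciphertext.
    stream = hmac.new(key, iv, hashlib.sha256).digest()
    return iv + bytes(c ^ s for c, s in zip(clear, stream))

def load_rows(rows, key, random_iv=False):
    """Encrypt clear-text rows locally, as a database does on insert."""
    return [{"ssn": encrypt(key, ssn, os.urandom(8) if random_iv else b""),
             "balance": balance} for ssn, balance in rows]

def apply_update(table, where_ssn, balance):
    """Model of a replicated update that matches on ciphertext; returns rows affected."""
    hits = [row for row in table if row["ssn"] == where_ssn]
    for row in hits:
        row["balance"] = balance
    return len(hits)

# Constructed sample data and keys.
ROWS = [(b"111-22-3333", 100), (b"444-55-6666", 250)]
KEY_A, KEY_B = b"A" * 32, b"B" * 32

def run_scenarios():
    results = {}
    primary = load_rows(ROWS, KEY_A, random_iv=True)
    # Replicate materialized from the primary's ciphertext (for example dump and load).
    replicate = [dict(row) for row in primary]
    results["ciphertext copied"] = apply_update(replicate, primary[0]["ssn"], 175)
    # Replicate loaded from clear text with the same key but its own random IVs.
    replicate = load_rows(ROWS, KEY_A, random_iv=True)
    results["same key, own random IV"] = apply_update(replicate, primary[0]["ssn"], 175)
    # Replicate loaded from clear text under a different (earlier) key, no IV.
    primary = load_rows(ROWS, KEY_A)
    replicate = load_rows(ROWS, KEY_B)
    results["different key"] = apply_update(replicate, primary[0]["ssn"], 175)
    # Same key and no IV: local encryption is deterministic, ciphertext agrees.
    replicate = load_rows(ROWS, KEY_A)
    results["same key, no IV"] = apply_update(replicate, primary[0]["ssn"], 175)
    return results

if __name__ == "__main__":
    for name, count in run_scenarios().items():
        print(f"{name}: {count} row(s) updated")
```

A row count of 0 in this model corresponds to the update and delete failures that a manual sync is meant to prevent.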

Restrictions

Replicating encrypted columns has these restrictions:

“Length of encrypted columns,” in Chapter 3, “Encrypted Data” in the Adaptive Server Enterprise Encrypted Column Users Guide to determine the length of the column.

Note: rs_subcmp supports replication of encrypted columns in Adaptive Server.