drop encryption key

Description

Allows key owners to drop the named encryption key.

Syntax

drop encryption key [[database.][owner].]keyname

The syntax for explicitly dropping an external login password service key is:

drop encryption key syb_extpasswdkey
	with password encryption downgrade

The syntax for explicitly dropping a hidden text service key is:

drop encryption key syb_syscommkey_dddddd

Or:

drop encryption key syb_syscommkey with text encryption downgrade

Parameters

database

is the name of the database.

owner

is the owner.

keyname

is the name of the key.

syb_extpasswdkey

is the name of the external login password service key.

When you specify with password encryption downgrade, Adaptive Server resets external login passwords with the algorithm used in versions earlier than 15.7. The Replication Agent password and the CIS and RTMS external login passwords are reset to an invalid value.

After the key is dropped, the administrator must reenter the passwords manually to resume using the corresponding services.

syb_syscommkey_ddddddd

is the explicit name of an individual syscomments service key to be dropped.

syb_syscommkey with text encryption downgrade

Adaptive Server reencrypts all the hidden text in syscomments with the algorithm used in versions earlier than 15.7.

Examples

Example 1

Drops the encryption key cc_key:

drop encryption key cust.dbo.cc_key

Usage

Permissions

The permission checks for drop encryption key differ based on your granular permissions settings.

Granular permissions enabled

With granular permissions enabled, you must be the key owner or a user with manage any encryption key privilege.

Granular permissions disabled

With granular permissions disabled, you must be the key owner or a user with sa_role.

Auditing

Values in event and extrainfo columns of sysaudits are:

Event

Audit option

Command or access audited

Information in extrainfo

109

drop encryption key

  • Roles – current active roles

  • Keywords or options – NULL

  • Previous value – NULL

  • Current value – NULL

  • Other information – NULL

  • Proxy information – original login name, if set proxy is in effect
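The following is an added example, not part of the original reference: a Python sketch that filters an exported audit trail for event 109, splits extrainfo into the six fields listed above, and marks drops of service keys or drops made while set proxy was in effect. The CSV column layout, the semicolon-separated extrainfo encoding, and every sample row are assumptions constructed for illustration.

```python
import csv
import io

DROP_ENCRYPTION_KEY_EVENT = 109  # event number from the auditing table on this page
# extrainfo field order as listed on this page
EXTRAINFO_FIELDS = ("roles", "keywords", "previous", "current", "other", "proxy")
SERVICE_KEY_PREFIXES = ("syb_extpasswdkey", "syb_syscommkey")

# Constructed sample export; the column names and row values are assumptions.
SAMPLE_EXPORT = """\
eventtime,event,loginname,dbname,objname,extrainfo
2024-03-01 09:12:44,109,keyadmin,cust,cc_key,sso_role keycustodian_role;;;;;;
2024-03-01 09:13:02,62,appuser,cust,orders,;;;;;;
2024-03-02 23:40:10,109,sa,master,syb_extpasswdkey,sa_role sso_role;;;;;;
2024-03-03 02:05:31,109,sa,cust,ssn_key,sa_role;;;;;jdoe;
"""


def parse_extrainfo(raw):
    """Split extrainfo (assumed semicolon-separated) into named fields; empty -> None."""
    parts = [p.strip() for p in raw.split(";")]
    parts += [""] * (len(EXTRAINFO_FIELDS) - len(parts))
    return {name: (parts[i] or None) for i, name in enumerate(EXTRAINFO_FIELDS)}


def find_key_drops(export_text):
    """Return one finding per event-109 row, with reasons it deserves review."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if int(row["event"]) != DROP_ENCRYPTION_KEY_EVENT:
            continue
        info = parse_extrainfo(row["extrainfo"])
        reasons = []
        if row["objname"].startswith(SERVICE_KEY_PREFIXES):
            reasons.append("service key dropped")
        if info["proxy"]:
            reasons.append("set proxy in effect, original login " + info["proxy"])
        findings.append({"time": row["eventtime"], "login": row["loginname"],
                         "key": row["dbname"] + "." + row["objname"],
                         "roles": (info["roles"] or "").split(), "review": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_key_drops(SAMPLE_EXPORT):
        print(finding)
```

Because the keywords field is NULL for this event, the audit row alone does not show whether a downgrade clause was used; the key name is the only indicator that a service key was involved.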

See also

create encryption key, alter encryption key, sp_encryption, sp_help