Fully Encrypting Databases

Considerations when encrypting or decrypting databases.

  • Database encryption occurs while the database is running. This means the database is accessible by other users while it is being encrypted; you need not put it into single-user mode.
  • The encryption process does not interrupt user queries, updates, or insert operations on the database.
  • You can suspend and resume database encryption, so that you can resume encrypting the database after restarting SAP ASE.
  • The encryption operation is not transactional.
  • You can alter both archive and temporary databases for encryption and decryption.
  • SAP ASE records the encryption progress of a database and provides utilities to report its status.
The command fails if:
  • You use it on a database that is already encrypted.
  • You use it on a database that is being encrypted. If you use this command on a partially encrypted database, but there is no encryption process running in SAP ASE, the command resumes encryption from the location where it was last suspended as long as you use the same database encryption key name in your previous command to encrypt the database.
Restrictions:
  • You cannot encrypt the master and model databases.
  • You cannot decrypt a database that is being encrypted, or encrypt a database that is being decrypted.
  • You cannot drop or unmount a database when it is being encrypted.
  • You cannot load another database on top of a database that is being encrypted.
  • You cannot back up (dump) a database while a database is being encrypted.