Encryption keys are supported for ASE v12.5.3a and higher. PowerDesigner models encryption keys as extended objects with a stereotype of <<EncryptionKey>>.
Adaptive Server authentication and access control mechanisms ensure that only properly identified and authorized users can access data. You can encrypt data at the system or database level, or at the column level, so that encryption is restricted to sensitive data only and processing overhead is minimized.
Encrypting columns in Adaptive Server is more straightforward than using encryption in the middle tier, or in the client application. You use SQL statements to create the encryption keys and specify columns for encryption. Adaptive Server handles key generation and storage. Encryption and decryption of data occurs automatically and transparently as you write and read the data in encrypted columns. No application changes are required, and there is no need to purchase third-party software.
You can modify an object's properties from its property sheet. To open an encryption key property sheet, double-click its Browser entry in the Encryption Keys folder.
The following extended attributes are available on the Sybase tab:
| Name | Description |
|---|---|
| Owner | Specifies the owner of the encryption key. Scripting name: Owner |
| For database encryption | Specifies that the encryption key will encrypt the entire database rather than individual columns. Selecting this option sets the Key to master key with a length of 256, enables the Initialization vector option and disables the Padding of datatypes option. Scripting name: ForDatabaseEncryption |
| Key | Specifies the kind of key. You can choose between: Scripting name: Passwd, PasswordPhrase |
| Algorithm | Specifies the algorithm used to generate the encryption key. Currently, Advanced Encryption Standard (AES) is the only supported algorithm. Scripting name: Algorithm |
| Key length | Specifies the size in bits of the key to be created. Valid key lengths for AES are 128, 192 and 256 bits. Scripting name: KeyLength |
| Initialization vector | Controls the use of an initialization vector when encrypting. When the encryption algorithm uses an initialization vector, two identical pieces of plaintext produce different ciphertext, which prevents an attacker from detecting patterns in the stored data but makes the data on disk unusable for indexing or matching without decryption. This option is enforced when the For database encryption option is selected. Scripting name: InitVector |
| Padding of datatypes | Specifies the use of padding for datatypes whose length is less than one block. Padding can be used instead of an initialization vector to randomize the ciphertext. It is only suitable for columns whose plaintext length is less than half the block length; for the default AES algorithm the block length is 16 bytes. This option is disabled when the For database encryption option is selected. Scripting name: Pad |
| Default encryption key | Allows the System Security Officer to create a default key for use on all encrypted columns that do not have a keyname specified in create table or alter table. This is a database-specific default key for use with tables in the same database. The default key is stored in the database sysencryptkeys table, the same as non-default keys. Scripting name: Default |
| Dual control | [v16.0 and higher] Specifies that the key must be encrypted using dual controls. Scripting name: DualControls |
| Password phrase | [v15.0.2 to 15.7] Specifies a default key for use on all encrypted columns that do not have a keyname specified in create table or alter table. This is a database-specific default key for use with tables in the same database. The default key is stored in the database sysencryptkeys table, the same as non-default keys. Scripting name: PasswordPhrase |
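The following is an added example, not part of the PowerDesigner documentation or its generated scripts, showing the Adaptive Server DDL that the Sybase tab attributes above map onto, with the deterministic (no initialization vector) column key beside the randomized one so the indexing trade-off described under Initialization vector is visible. It assumes ASE's create encryption key and create table ... encrypt syntax (the for database encryption form is ASE 16.0); the key, table and column names are invented.

```sql
-- Database-level key: "For database encryption" forces master key,
-- a 256-bit length and an initialization vector (ASE 16.0 syntax).
create encryption key dbkey_sales
    for database encryption
    with master key
         keylength 256
         init_vector random
go

-- Column key, deterministic: no init vector and no padding. Equal
-- plaintexts give equal ciphertext, so the column can still be indexed
-- and used in equality matches, but repeated values show as patterns.
create encryption key ck_ssn_deterministic
    for AES
    with keylength 256
         init_vector null
         pad null
go

-- Column key, randomized: the init vector makes equal plaintexts encrypt
-- differently, so no indexing or matching without decryption.
-- "as default" makes it the database default key (Default encryption key)
-- for columns that name no key.
create encryption key ck_default
    as default
    for AES
    with keylength 256
         init_vector random
go

-- Columns either name a key or fall back to the database default key.
create table customer (
    cust_id  int          not null,
    ssn      char(11)     encrypt with ck_ssn_deterministic,
    card_no  varchar(19)  encrypt                 -- uses ck_default
)
go
```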