The system encryption password is a database-specific password, and is the secondary default encryption method for the DEK or CEK.
SAP ASE uses the system encryption password to encrypt keys created in a specified database without an explicit password clause. Once the system security officer or key custodian has set a system encryption password, you need not specify this password to process encrypted columns. SAP ASE internally accesses the system encryption password when it needs to encrypt or decrypt column encryption keys.
```
sp_encryption system_encr_passwd, password
```
password can be as many as 255 bytes in length.
Set a system encryption password only in the database where encryption keys are created.
The system encryption password protects your encryption keys. Choose long and complex system encryption passwords. Longer passwords are harder to guess or crack by brute force. Include uppercase and lowercase letters, numbers, and special characters in the system encryption password. SAP recommends that the system encryption password be at least 16 bytes in length.
SAP ASE enforces compliance of the system encryption password with the minimum password length and check password for digit configuration parameters.
```
sp_encryption system_encr_passwd, password [ , old_password]
```
Periodically change the system encryption password, especially when an administrator who knows the system encryption password leaves the company. When the system password is changed, SAP ASE automatically reencrypts all keys in the database with the new password. Encrypted data is unaffected when the system password is changed; in other words, it is not decrypted and reencrypted.
You can unset the system encryption password by supplying “null” as the argument for password and supplying the value for old_password. Unset the system password only if you have dropped all the encryption keys in that database that were encrypted by the system encryption password.
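The set, use, change, and unset steps described above, in order, as an isql session. This is an added example, not taken from the SAP documentation; the database name `sales_db`, the key name `cc_key`, and the quoted passwords are hypothetical placeholders.

```sql
-- Added example: sales_db, cc_key and the quoted passwords are placeholders.
-- Run as the system security officer or key custodian.

-- Work in the database where the encryption keys are created.
use sales_db
go

-- 1. Set the system encryption password (up to 255 bytes; 16 or more
--    recommended, mixing upper/lowercase, digits and special characters).
sp_encryption system_encr_passwd, '<initial-passphrase-of-16+-bytes>'
go

-- 2. Create a key with no passwd clause. SAP ASE encrypts it with the
--    system encryption password set in step 1.
create encryption key cc_key for AES with keylength 256
go

-- 3. Change the password, for example when an administrator who knew it
--    leaves. Supply the new value first, then the old one. The keys in this
--    database are reencrypted; the encrypted column data is not.
sp_encryption system_encr_passwd, '<new-passphrase>', '<initial-passphrase-of-16+-bytes>'
go

-- 4. Unset the password. First drop every key in this database that was
--    encrypted by the system encryption password, then pass null plus the
--    current password as old_password.
drop encryption key cc_key
go
sp_encryption system_encr_passwd, null, '<new-passphrase>'
go
```

Because the password values appear in clear text in the batch, run these statements from an interactive session rather than from a script file kept on disk.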
Column Name | Value |
---|---|
class | 43 |
object | dbid (database ID) |
object_info1 | Starting logical page ID |
object_info2 | Ending logical page ID |
int_value | Last encrypted logical page ID on one storage allocation |