Service keys are 256-bit, persistent encryption keys used to strongly encrypt external login passwords and hidden text, and are stored in sysencryptkeys.
A static key – is the default key encryption key for service keys, and can be used if no master key has been created in the current database. With this method, SAP ASE can use service keys after an unattended start-up.
The master key – provides stronger protection than a static key. SAP ASE requires the password to decrypt the database-specific master key.
syb_extpasswdkey – identifies service key for encryption of external login passwords in sysattributes. Only one syb_extpasswdkey exists for any database. When the syb_extpasswdkey is changed, all data encrypted using the key is reencrypted using the new key.
Although external login passwords are generally stored in the master database, RepAgent stores this information in replicate databases.
syb_syscommkey_dddddd – identifies service key for encryption of hidden text in syscomments, where “dddddd” is a global identifier generated by SAP ASE to uniquely identify the key. The global identifier is included with the name to distinguish names when there are many syb_syscommkey keys associated with the same object. The global identifier distinguishes the key, on both the local database and in the replicate database.
Strong encryption of hidden text requires a service key in each database where sp_hidetext is executed to hide SQL text. When a new service key is created, any existing service key in the database persists until explicitly dropped, and any hidden text is not reencrypted until you reissue sp_hidetext.
During an upgrade to version 15.7 or later, procedural objects are recompiled from source. Connected users are restricted in what they can do until the master key password is entered for databases where strong encryption of hidden text is enabled, and service key is protected by master key.
use mydb go set encryption passwd password for key master go