Contents Index CREATE DOMAIN statement CREATE EVENT statement

ASA SQL Reference
  SQL Statements

CREATE ENCRYPTED FILE statement


Description 

This statement encrypts strongly encrypted databases, transaction log files, or dbspaces.

Syntax 

CREATE ENCRYPTED FILE newfile
FROM oldfile
KEY key
ALGORITHM algorithm

Parameters 

FROM    Lists the filename of the unencrypted file.

KEY    Lists the key assigned to the encrypted file.

ALGORITHM    Can be either AES (default) or MDSR. MDSR is only supported on 32-bit Windows operating systems.

Usage 

This statement takes an unencrypted database, transaction log file or dbspace and creates a new encrypted file. The original file must not be encrypted. The resulting file is an exact copy of the original file, except that it is encrypted using the specified algorithm and key.

If a database is encrypted using this statement, the corresponding transaction log file (and any dbspaces) must also be encrypted with the same algorithm and key in order to use the database. You cannot mix encrypted and unencrypted files, nor can you mix encrypted files with different encryption algorithms or different keys.

If a database requiring recovery is encrypted, its transaction log file must also be encrypted and recovery on the new database will still be necessary.

The name of the transaction log file remains the same in this process, so if the database and transaction log file are renamed, then you need to run dblog -t on the resulting database.

You can encrypt an existing database or change an existing encryption key by unloading and reloading the database using the -an option with either -ek or -ep. You can also use the CREATE ENCRYPTED FILE statement in conjunction with the CREATE DECRYPTED FILE statement to change an encryption key.

Permissions 
Side effects 

None.

Example  

The following example decrypts the contacts database and creates a new unencrypted database called contacts2.

CREATE ENCRYPTED FILE 'contacts2.db'
FROM 'contacts.db'
KEY 'Sd8f6654*Mnn'

The following example encrypts the contacts database and the contacts log file, renaming the both files. You will need to run dblog -ek abcd -t contacts2.log contacts.db, since the log has been renamed and the database file still points at the old log.

CREATE ENCRYPTED FILE 'contacts2.db'
FROM 'contacts.db'
KEY 'Sd8f6654*Mnn'
CREATE ENCRYPTED FILE 'contacts2.log'
FROM 'contacts.db'
KEY 'Te9g7765*Noo'
Example 3 

The following example encrypts the contacts database and the contacts log file, leaving the original log file name untouched. In this case, you do not need to run dblog, since the name of the file remains the same.

CREATE ENCRYPTED FILE 'newpath\contacts.db'
FROM 'contacts.db'
KEY 'Sd8f6654*Mnn'
CREATE ENCRYPTED FILE 'newpath\contacts.log'
FROM 'contacts.log'
KEY 'Sd8f6654*Mnn'
Example 4 

The following example changes the encryption key of the contacts database.

CREATE DECRYPTED FILE 'temp.db'
FROM 'contacts.db'
KEY 'oldkey'
del contacts.db
CREATE ENCRYPTED FILE 'contacts.db'
FROM 'temp.db'
KEY 'newkey'
del temp.db

Contents Index CREATE DOMAIN statement CREATE EVENT statement