Using a Local Encryption Key

These topics provide information about Local Encryption Key

To use a local encryption key, the operator must manually generate an encryption key of the appropriate size for the cipher you want to use (ie a 192-bit, or 24 byte long encryption key). Then store it in a text file in base64 format. The file must have 600 permissions in UNIX/Linux and must be readable only the DBSA. In Windows the file must be owned by the Administrators group or the Informix user and readable only by the owner.

Once the file has been created the full path to the file must be set in the BAR_ENCRYPTION configuration parameter together with the cipher to use.

Note: It is not recommended to use local encryption keys, however they are necessary in certain scenarios. If you misplace your encryption key, there is no way for anybody, including technical support, to recover that backup.

Example to create the local encryption file for aes192 using the openssl utility:

openssl rand -base64 24 > /home/informix/etc/l_key192

Example to create the local encryption file for aes128 using the openssl and base64 utilities:

openssl rand 16 | base64  > /home/informix/etc/l_key128

Example on how the BAR_ENCRYPTION configuration parameter will look for the first example:

BAR_ENCRYPTION  keyfile=/home/informix/etc/l_key192,cipher=aes192

The keystore used to hold local Master Encryption Keys for Storage Space Encryption is not supported by Integrated Backup Encryption.