SET ENCRYPTION PASSWORD statement
Use the SET ENCRYPTION PASSWORD statement to define or reset a session password for the encryption and decryption of character, BLOB, or CLOB values.
Only OneDB supports this statement, which is an extension to the ANSI/ISO standard for SQL. You can use this statement with ESQL/C.
Syntax
Element | Description | Restrictions | Syntax |
---|---|---|---|
hint | String that GETHINT returns from an encrypted argument | (0 byte) < hint < (32 bytes). Do not include the password in the hint. | Expression |
password | Password (or a multi-word phrase) for data encryption | (6 bytes) < password < (120 bytes). Do not specify your login password. | Expression |
Usage
The SET ENCRYPTION PASSWORD statement declares a password to support data confidentiality through built-in functions that use the Triple-DES or AES algorithms for encryption and decryption. These functions enable the database to store sensitive data in an encrypted format that prevents anyone who cannot provide the secret password from viewing, copying, or modifying encrypted data.
The password is not stored as plain text in the database and is not accessible to the DBA. This security feature is independent of the Trusted Facility feature.
If the network is not secure, all of the database servers in a distributed query need ENCCSM enabled, so that the password is not transmitted as plain text. For information about how to enable a communication support module (CSM), see your HCL OneDB Administrator's Guide.
Operations on encrypted data tend to be slower than corresponding operations on plain text data, but use of this feature has no effect on unencrypted data.
The SET ENCRYPTION PASSWORD statement can be prepared, and EXECUTE IMMEDIATE can process a prepared SET ENCRYPTION PASSWORD statement.
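The following session is an added example, not taken from the product documentation, showing how the session password set by this statement is picked up by the built-in encryption functions described under Usage. The table, column names, password, and hint are constructed for illustration; the WITH HINT clause and the ENCRYPT_AES and DECRYPT_CHAR functions are the built-ins of the Informix-lineage SQL dialect and are assumed here, since this page names only GETHINT.

```sql
-- Constructed example: table, column names, and all values are hypothetical.
-- The encrypted output is longer than the plain text, so the column
-- that stores it is sized generously.
CREATE TABLE customer_secrets (
    cust_id  INTEGER,
    card_no  VARCHAR(255)
);

-- Define the session password and a hint.
-- The hint must not contain the password, and the password
-- must not be the login password.
SET ENCRYPTION PASSWORD 'example-passphrase-1' WITH HINT 'constructed hint';

-- No password argument: the function uses the session password and hint.
INSERT INTO customer_secrets (cust_id, card_no)
    VALUES (1, ENCRYPT_AES('constructed-card-0001'));

-- Decryption in the same session also uses the session password.
SELECT cust_id, DECRYPT_CHAR(card_no) AS card_no
    FROM customer_secrets
    WHERE cust_id = 1;

-- GETHINT returns the hint stored with the encrypted value.
-- It does not require the password.
SELECT GETHINT(card_no) AS hint
    FROM customer_secrets
    WHERE cust_id = 1;

-- Reset the session password. Rows encrypted under the earlier
-- password no longer match the session password.
SET ENCRYPTION PASSWORD 'another-example-phrase';

-- Supply the original password explicitly to read the older row.
SELECT DECRYPT_CHAR(card_no, 'example-passphrase-1') AS card_no
    FROM customer_secrets
    WHERE cust_id = 1;
```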