The System Security Officer uses sp_encryption to set the system encryption password. The system password is specific to the database where sp_encryption is executed, and its encrypted value is stored in the sysattributes system table in that database.
sp_encryption system_encr_passwd, password
password can be as many as 64 bytes in length, and is used by Adaptive Server to encrypt all keys in the selected database. Once the system encryption password has been set, you need not specify this password to access keys or data.
The system encryption password must be set in every database where encryption keys are created. If all keys are stored in one designated database, then only that database requires a system encryption password. Encrypted columns may be created in the same database as the keys or in other databases.
The System Security Officer can change the system password by using sp_encryption and supplying the old password:
sp_encryption system_encr_passwd, password [ , old_password]
When the system password is changed, Adaptive Server automatically reencrypts all keys in the database with the new password.
You can unset the system encryption password by supplying “null” as the argument for password and supplying the value for old_password. You can remove the system password only if you have dropped all the encryption keys in that database.
