The ddlgen utility also supports 15.0.2 encryption keys.
For 15.0.2 encryption, one of two things happens if the user does not specify the -XOD flag to ddlgen:
If users did not specify a password when the encryption key was created, ddlgen generates DDL with no password.
If users specified a password when the encryption key was first created, ddlgen substitutes the default password 'password'. This is the same placeholder treatment ddlgen applies to role and login passwords, and its output looks similar to the following:
-----------------------------------------------------------------------
-- DDL for EncryptedKey 'ssn_key'
-----------------------------------------------------------------------

print 'ssn_key'
--The DDL is generated with a default password - 'password' as
--a password was specified when this key was created.

create encryption key SampleKeysDB.dbo.ssn_key for AES
with keylength 128
passwd 'password'
init_vector random
go
In 15.0.2, when a user specifies -XOD on the ddlgen command line, ddlgen generates DDL for the keys themselves and, if a system encryption password has been set and the DDL is for a key encrypted with that password, also generates the DDL that sets the system encryption password.
The following command generates DDL that includes the system encryption password:
ddlgen -Usa -P -Sserver -TEK -NsampleKeysdb.dbo.ek1 -XOD
The output for the command is:
-- System Encryption Password
use SampleKeysDB
go

sp_encryption 'system_encr_passwd', '0x8e050e3bb607225c60c7cb9f59124e99866ca22e677b2cdc9a4d09775850f4721', NULL, 2, 0
go

--------------------------------------------------------------------------
-- DDL for EncryptedKey 'ek1'
--------------------------------------------------------------------------

print '<<<<< CREATING EncryptedKey - "ek1" >>>>>'
go

create encryption key SampleKeysDB.dbo.ek1 for AES
with keylength 128
passwd 0x0000C7BC28C3020AC21401
init_vector NULL
keyvalue 0xCE74DB1E028FF15D908CD066D380AB4AD3AA88284D6F7742DFFCADCAABE4100D01
keystatus 32
go
When migrating keys from a source server to a target server using ddlgen, set the system encryption password on the target server to NULL (if one exists) before running ddlgen output that was generated from the source server with the -XOD parameter. If you do not, executing the ddlgen output against the target server results in errors.
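As an added pre-flight check (example code written for this page, not part of ddlgen or the product), the following Python script scans ddlgen output for the two situations described above before it is run against a target server: a key emitted with the placeholder password 'password' (generated without -XOD), and -XOD output that sets a system encryption password (which requires the target's system encryption password to be NULL first). The sample DDL is constructed to mirror the listings above; its hex values are placeholders, not real key material.

```python
import re

# Constructed sample modelled on the two ddlgen listings above (placeholder hex values).
SAMPLE_DDL = """\
-- System Encryption Password
use SampleKeysDB
go
sp_encryption 'system_encr_passwd', '0x00PLACEHOLDER00', NULL, 2, 0
go
create encryption key SampleKeysDB.dbo.ek1 for AES
with keylength 128
passwd 0x0000C7BC28C3020AC21401
init_vector NULL
keyvalue 0x00PLACEHOLDERKEYVALUE00
keystatus 32
go
create encryption key SampleKeysDB.dbo.ssn_key for AES
with keylength 128
passwd 'password'
init_vector random
go
create encryption key SampleKeysDB.dbo.nopw_key for AES
with keylength 256
init_vector random
go
"""

# One "create encryption key ... go" batch per match; body holds the clauses.
KEY_RE = re.compile(r"create\s+encryption\s+key\s+(\S+)\s+for\s+AES(.*?)^go\s*$",
                    re.IGNORECASE | re.DOTALL | re.MULTILINE)
SYS_PW_RE = re.compile(r"sp_encryption\s+'system_encr_passwd'", re.IGNORECASE)
PASSWD_RE = re.compile(r"passwd\s+('([^']*)'|0x[0-9A-Fa-f]+)", re.IGNORECASE)

def audit_ddlgen_output(ddl):
    """Classify every key batch and note whether the DDL sets a system encryption password."""
    report = {"sets_system_encr_passwd": bool(SYS_PW_RE.search(ddl)), "keys": {}}
    for name, body in KEY_RE.findall(ddl):
        m = PASSWD_RE.search(body)
        if m is None:
            status = "no-password"            # key created without a password
        elif m.group(2) == "password":
            status = "default-placeholder"    # generated without -XOD; must be changed
        else:
            status = "xod-encrypted"          # hex passwd clause: generated with -XOD
        report["keys"][name] = status
    return report

def preflight_warnings(ddl):
    """Actions required before the DDL may be executed on the target server."""
    rep, warnings = audit_ddlgen_output(ddl), []
    if rep["sets_system_encr_passwd"]:
        warnings.append("DDL sets the system encryption password: set the target's to NULL first")
    for name, status in rep["keys"].items():
        if status == "default-placeholder":
            warnings.append(f"{name}: replace placeholder password 'password' before running")
    return warnings
```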