The SET ENCRYPTION PASSWORD statement sets the default password and hint
that will be used by the encryption and decryption functions. The password
is not associated with authentication and is only used for data encryption
and decryption.
This statement can be embedded in an application program or issued interactively.
It is an executable statement that can be dynamically prepared.
No authorization is required to execute this statement.
.-=-.
>>-SET--ENCRYPTION PASSWORD--+---+------------------------------>
>--+-password-variable--------+--------------------------------->
'-password-string-constant-'
>--+--------------------------------------------+--------------><
| .-=-. |
'-WITH HINT--+---+--+-hint-variable--------+-'
'-hint-string-constant-'
- password-variable
- Specifies a variable that contains an encryption password.
The variable:
- Must be a CHAR, VARCHAR, UTF-16 or UCS-2 GRAPHIC, or UTF-16 or UCS-2 VARGRAPHIC
variable. The actual length of the contents of the variable must be between
6 and 127 inclusive or must be an empty string. If an empty string is specified,
the default encryption password is set to no value.
- Must not be the null value.
- All characters are case-sensitive and are not converted to uppercase characters.
- password-string-constant
- A character constant. The length of the constant must be between 6 and
127 inclusive or must be an empty string. If an empty string is specified,
the default encryption password is set to no value. The literal form of the
password is not allowed in static SQL or REXX.
- WITH HINT
- Indicates that a value is specified that will help data owners remember
passwords (for example, 'Ocean' as a hint to remember 'Pacific'). If a hint
value is specified, the hint is used as the default for encryption functions.
The hint can subsequently be retrieved for an encrypted value using the GETHINT
function. If this clause is not specified and a hint is not explicitly specified
on the encryption function, no hint will be embedded in encrypted data result.
- hint-variable
- Specifies a variable that contains an encryption password hint.
The variable:
- Must be a CHAR, VARCHAR, UTF-16 or UCS-2 GRAPHIC, or UTF-16 or UCS-2 VARGRAPHIC
variable. The actual length of the contents of the variable must not be greater
than 32. If an empty string is specified, the default encryption password
hint is set to no value.
- Must not be the null value.
- All characters are case-sensitive and are not converted to uppercase characters.
- hint-string-constant
- A character constant. The length of the constant must not be greater
than 32. If an empty string is specified, the default encryption password
hint is set to no value.
Password protection: To prevent inadvertent access
to the encryption password, do not specify password-string-constant in
the source for a program, procedure, or function. Instead, use a variable.
When connected to a remote relational database, the specified password
itself is sent "in the clear". That is, the password itself is not encrypted.
To protect the password in these cases, consider using a communications encryption
mechanism such as IPSEC (or SSL if connecting between iSeries™ systems).
Transaction considerations: The SET ENCRYPTION PASSWORD
statement is not a commitable operation. ROLLBACK has no effect on the default
encryption password or default encryption password hint.
Initial encryption password value: The initial value
of both the default encryption password and the default encryption password
hint is the empty string ('').
Encryption password scope: The scope of the default
encryption password and default encryption password hint is the activation
group and connection.
Set the ENCRYPTION PASSWORD to the value in :hv1.
SET ENCRYPTION PASSWORD :hv1
[ Top of Page | Previous Page | Next Page | Contents |
Index ]