SET ENCRYPTION PASSWORD

The SET ENCRYPTION PASSWORD statement sets the default password and hint that will be used by the encryption and decryption functions. The password is not associated with authentication and is only used for data encryption and decryption.

Invocation

This statement can be embedded in an application program or issued interactively. It is an executable statement that can be dynamically prepared.

Authorization

No authorization is required to execute this statement.

Syntax

Click to skip syntax diagram
Read syntax diagramSkip visual syntax diagram                             .-=-.
>>-SET--ENCRYPTION PASSWORD--+---+------------------------------>
 
>--+-password-variable--------+--------------------------------->
   '-password-string-constant-'
 
>--+--------------------------------------------+--------------><
   |            .-=-.                           |
   '-WITH HINT--+---+--+-hint-variable--------+-'
                       '-hint-string-constant-'
 

Description

password-variable
Specifies a variable that contains an encryption password.

The variable:

password-string-constant
A character constant. The length of the constant must be between 6 and 127 inclusive or must be an empty string. If an empty string is specified, the default encryption password is set to no value. The literal form of the password is not allowed in static SQL or REXX.
WITH HINT
Indicates that a value is specified that will help data owners remember passwords (for example, 'Ocean' as a hint to remember 'Pacific'). If a hint value is specified, the hint is used as the default for encryption functions. The hint can subsequently be retrieved for an encrypted value using the GETHINT function. If this clause is not specified and a hint is not explicitly specified on the encryption function, no hint will be embedded in encrypted data result.
hint-variable
Specifies a variable that contains an encryption password hint.

The variable:

  • Must be a CHAR, VARCHAR, UTF-16 or UCS-2 GRAPHIC, or UTF-16 or UCS-2 VARGRAPHIC variable. The actual length of the contents of the variable must not be greater than 32. If an empty string is specified, the default encryption password hint is set to no value.
  • Must not be the null value.
  • All characters are case-sensitive and are not converted to uppercase characters.
hint-string-constant
A character constant. The length of the constant must not be greater than 32. If an empty string is specified, the default encryption password hint is set to no value.

Notes

Password protection: To prevent inadvertent access to the encryption password, do not specify password-string-constant in the source for a program, procedure, or function. Instead, use a variable.

When connected to a remote relational database, the specified password itself is sent "in the clear". That is, the password itself is not encrypted. To protect the password in these cases, consider using a communications encryption mechanism such as IPSEC (or SSL if connecting between iSeries™ systems).

Transaction considerations: The SET ENCRYPTION PASSWORD statement is not a commitable operation. ROLLBACK has no effect on the default encryption password or default encryption password hint.

Initial encryption password value: The initial value of both the default encryption password and the default encryption password hint is the empty string ('').

Encryption password scope: The scope of the default encryption password and default encryption password hint is the activation group and connection.

Example

Set the ENCRYPTION PASSWORD to the value in :hv1.

SET ENCRYPTION PASSWORD :hv1


[ Top of Page | Previous Page | Next Page | Contents | Index ]