An Overview of Encryption Tasks

From InterBase

The following list identifies the tasks that need to be performed to encrypt a database and/or its columns, and to give users the appropriate access rights. The steps are typically performed by a SYSDSO and a database owner unless additional individuals are given encrypt privileges to specific columns. See Who Can Create Encryption? for more information about how the SYSDSO and database owner use the InterBase encryption feature.

To implement encryption using InterBase, perform the tasks listed in the table. The following sections provide detailed instructions on how to perform steps 3-7.

Step # Task Performed by


Ensure that Embedded User Authentication (EUA) is enabled on the database you plan to encrypt. For instructions on how to enable EUA using isql, see the InterBase Operations Guide. For instructions on how to enable EUA using IBConsole, see Encrypting a Database with IBConsole of this chapter.

Database owner


Create a System Database Security Owner (SYSDSO) account using the command on Creating the SYSDSO User.

Database owner


Create a System Encryption Password (SEP).



Create an encryption key for the database and/or the columns you want the database or table owner to encrypt.



Grant the database owner privileges to use the encryption keys to perform encryption.



Encrypt the database and/or columns.

Database owner or individual table owner


Grant or revoke decrypt privileges to other users.

Database owner or individual table owner