Only the database owner can perform database-level decryption. Decrypting a database causes all pages to be decrypted and rewritten in plaintext.
To decrypt a database, use the following syntax:
alter database decrypt
An isc_database_info()call can be made to determine if database-level encryption is enabled, by passing an isc_info_db_encrypted info item. A value of 1 is returned if the database is encrypted and a value of 0 if not. GSTAT indicates the database is encrypted in the Variable header data section of the header page display and isql does likewise with the Show Database command.
A column can be re-encrypted with another key or decrypted. The table needs exclusive access before this operation can proceed. All rows in the table are re-encrypted and the former column data, including blobs, are zeroed from the database so that it is no longer visible. If more than a single column in a table is altered for a change in encryption, you should disable auto-commit of DDL statements. This allows the multiple columns to be re-encrypted in a single pass over the table, which can save time on very large tables.
To decrypt a column, use the following syntax:
alter table table-name alter [column] column-name decrypt