Altering the Database to Create the SEP
Go Up to Setting the System Encryption Password (SEP)
The SYSDSO uses the ALTER DATABASE command to create the SEP.
To create a SEP, use the following syntax:
alter database set system encryption password <255-character string>
The string can be up to 255 characters long and can include spaces. The system encryption password is encrypted with a key derived from machine specific information and stored in the database. This effectively node locks the database to the machine but allows the database to be attached without a user having to pass the system encryption password in plaintext. Thus, subsequent connections on the same machine need not provide the SEP.
However, if the database file is copied and installed on a different machine, the node-lock feature disallows direct loading of the database without the user providing the SEP. After moving a database with a node-locked SEP to another machine, you must login as SYSDSO with the current SEP set via the SEP environment variable or DPB. The SYSDSO can then perform ALTER DATABASE SET SYSTEM ENCRYPTION PASSWORD to create a new SEP.
Just “setting” the SEP to connect to the database does not redefine or re-node-lock the SEP. You can continue to provide the SEP externally though you may want to alter the sep command to re-node-lock it to the new machine.