Use the SET ENCRYPTION PASSWORD statement to define or reset a session password for the encryption and decryption of character, BLOB, or CLOB values.

Only OneDB supports this statement, which is an extension to the ANSI/ISO standard for SQL. You can use this statement with ESQL/C.


1  WITH HINT 'hint'
Element Description Restrictions Syntax
hint String that GETHINT returns from an encrypted argument (0 byte) < hint < (32 bytes). Do not include the password in the hint. Expression
password Password (or a multi-word phrase) for data encryption (6 bytes) < password < (120 bytes). Do not specify your login password. Expression


The SET ENCRYPTION PASSWORD statement declares a password to support data confidentiality through built-in functions that use the Triple-DES or AES algorithms for encryption and decryption. These functions enable the database to store sensitive data in an encrypted format that prevents anyone who cannot provide the secret password from viewing, copying, or modifying encrypted data.

The password is not stored as plain text in the database and is not accessible to the DBA. This security feature is independent of the Trusted Facility feature.

Important: By default, communication between client systems and HCL OneDB™ is in plain text.

Operations on encrypted data tend to be slower than corresponding operations on plain text data, but use of this feature has no effect on unencrypted data.

The SET ENCRYPTION PASSWORD statements can be prepared, and EXECUTE IMMEDIATE can process a prepared SET ENCRYPTION PASSWORD statement.