SQL Anywhere 11.0.1.

Hi all,

Is it fair to say that the SQL Anywhere database can be encrypted to
AES-256bit encryption and that the Ultralite can be encrypted to 128-bit AES
encryption?

If so, is the Ultralite FIPS compliant?

Cheers,

Shao

http://dcx.sybase.com/index.html#110...s-3333653.html

AES 128-bit strong encryption UltraLite databases can be strongly
encrypted using the AES 128-bit algorithm, which is the same algorithm used
to encrypt SQL Anywhere databases. Strong encryption provides security
against skilled and determined attempts to gain access to the data, but has
a significant performance impact. You set encryption in the wizards by
selecting the Encrypt Database option and then selecting AES Strong
Encryption. Using a creation utility, you set the key with the key
connection parameter. This same parameter is used by end users when
connecting to the database after it has been created. You do not need any
special configuration to use AES encryption on your device. See UltraLite
fips creation parameter.


http://dcx.sybase.com/index.html#110...d-5709917.html

Supported strong encryption algorithms
The algorithm used to implement SQL Anywhere strong encryption is AES: a
block encryption algorithm chosen as the new Advanced Encryption Standard
(AES) for block ciphers by the National Institute of Standards and
Technology (NIST). It has many properties that lend itself well to
encryption of SQL Anywhere databases in terms of performance and size.

You can also specify a separate FIPS-approved AES algorithm for strong
encryption using the AES_FIPS (128-bit) or AES256_FIPS (256-bit) type. When
the database server is started with the -fips option, you can run databases
encrypted with AES, AES256, AES_FIPS, or AES256_FIPS strong encryption, but
not databases encrypted with simple encryption. Unencrypted databases can
also be started on the server when -fips is specified. See -fips server
option.

The SQL Anywhere security option must be installed on any computer used to
run a database encrypted with AES_FIPS or AES256_FIPS.

Supported strong encryption algorithms
The algorithm used to implement SQL Anywhere strong encryption is AES: a
block encryption algorithm chosen as the new Advanced Encryption Standard
(AES) for block ciphers by the National Institute of Standards and
Technology (NIST). It has many properties that lend itself well to
encryption of SQL Anywhere databases in terms of performance and size.

You can also specify a separate FIPS-approved AES algorithm for strong
encryption using the AES_FIPS (128-bit) or AES256_FIPS (256-bit) type. When
the database server is started with the -fips option, you can run databases
encrypted with AES, AES256, AES_FIPS, or AES256_FIPS strong encryption, but
not databases encrypted with simple encryption. Unencrypted databases can
also be started on the server when -fips is specified. See -fips server
option.

The SQL Anywhere security option must be installed on any computer used to
run a database encrypted with AES_FIPS or AES256_FIPS.

http://dcx.sybase.com/index.html#110...statement.html

ENCRYPTED or ENCRYPTED TABLE clause Encryption makes stored data
unreadable. Use the ENCRYPTED keyword (without TABLE) when you want to
encrypt the entire database. Use the ENCRYPTED TABLE clause when you only
want to enable table encryption. Enabling table encryption means that the
tables that are subsequently created or altered using the ENCRYPTED clause
are encrypted using the settings you specified at database creation. See
Table encryption.

There are two levels of database and table encryption: simple and strong.
Simple encryption is equivalent to obfuscation. The data is unreadable, but
someone with cryptographic expertise could decipher the data. Strong
encryption makes the data is unreadable and virtually undecipherable.

For simple encryption, specify ENCRYPTED ON ALGORITHM SIMPLE, or ENCRYPTED
ALGORITHM SIMPLE, or specify the ENCRYPTED ON clause without specifying an
algorithm or key.

For strong encryption, specify ENCRYPTED ON ALGORITHM with a 128-bit or
256-bit AES algorithm, and the KEY clause to specify an encryption key. It
is recommended that you choose a value for your key that is at least 16
characters long, contains a mix of uppercase and lowercase, and includes
numbers, letters, and special characters.

On Windows Mobile, the AES_FIPS and AES256_FIPS algorithms are only
supported with ARM processors.

UltraLite provides encryption libraries compliant with the FIPS 140-2 US
and Canadian government standard (using a Certicom certified
cryptographic module). You set FIPS compliant encryption with the fips
creation parameter. The user must supply the required key in their
connection string. AES FIPS encryption requires that you configure your
device appropriately. See Deploy UltraLite with AES_FIPS database
encryption, and UltraLite fips creation parameter.



Shao Chan wrote:

Thanks Chris for the fast response.

Just a quick query. Is FIPS 140-2 compliant encryption always 256-bit if
AES?

It's not clear in the documentation.

Cheers,

Shao

"Chris Keating (Sybase iAnywhere)" <keating_nospam (AT) sybase (DOT) com> wrote in
message news:4b13f118$1 (AT) forums-1-dub (DOT) ..

The reference below is from the documentation reference
UltraLite - Database Management and Reference
» Using UltraLite Databases
» Creating and configuring UltraLite databases
» Securing UltraLite databases

In that documentation ,there is a boxed note that states

Both the FIPS and AES database encryption types use 128-bit AES.
Therefore, if you use the same encryption key, the database is encrypted
the same way irrespective of the standard you choose.

-chris

Shao Chan wrote:

Hi Chris,

Thanks for that clarification.

Cheers,

Shao

"Chris Keating (Sybase iAnywhere)" <keating_nospam (AT) sybase (DOT) com> wrote in
message news:4b13f6dc$1 (AT) forums-1-dub (DOT) ..