Security Guide > Using Data Encryption > Encryption Information Displayed with HELP TABLE
Was this helpful?
Encryption Information Displayed with HELP TABLE
The HELP TABLE statement displays encryption information for tables that contain encrypted columns.
For example, column encryption of the socsec1 table is defined at the DBMS level. Here is an excerpt from the output from HELP TABLE socsec1:
Column Information:
                                                        Key
Column Name            Type       Length Nulls Defaults Seq
fname                  char           10  yes    null
lname                  char           20  yes    null
socsec                 char           11  yes    null
 
Secondary indexes:    none
Column encryption:    AES256
Alter table totwidth: 48
Encrypted width:      48
 
Encrypted Column Name            Type        Width Salt
socsec                           char           16 no
Encryption-related fields are:
Column encryption
Encryption type
Alter table totwidth
Physical width of encrypted columns
Encrypted width
Physical width of the table
Encrypted Column Name…Width
Physical width of the named column
In this example, the logical row width of the table (width as seen by applications) is 44, which is the sum of the column widths including the NULL bytes. Since AES is a block encryption algorithm, encrypted column widths as stored on disk will always be a multiple of 16. The NULL byte and a data verification hash value are included in the encrypted data. In this case, the socsec column with NULL (12 bytes) plus verifying hash (4 bytes) exactly fits in one AES block. Partial AES blocks are padded as needed in cases where the user data is not an exact fit. As the column socsec is defined with NO SALT, no additional bytes for the salt need to be stored. For more information see the topic “Understanding Salt”.
Restrictions for table column encryption
An encrypted column cannot be part of a table key.
An encrypted column can be indexed, but the column must be defined with NOSALT, the index must be on the one column only (no composite indexes) and the index must be of type HASH.
Note:  Due to the nature of encrypted data, only exact lookups are possible using the index. Because range and pattern queries cannot use the index, they would typically require a full table scan; such queries may be prohibitively costly.
Last modified date: 01/27/2026