When an encrypted table is created, an AES key is randomly generated (or can be specified with the AESKEY= option). The key is then encrypted using an AES key derived from the specified PASSPHRASE. The AES encryption specified for the user data encryption (AES128, AES192, or AES256) is also used for the passphrase protection of the internal catalog-stored key.

After an encrypted table is created, access to the encrypted data must be enabled through a MODIFY statement that specifies the correct passphrase. At this point, an in-memory-only decrypted key is created for use by the encryption and decryption code. At server shutdown, this decrypted key is cleared and the encrypted data is effectively locked. At server startup, the MODIFY must be issued again to access the encrypted data.

A fixed number of encryption keys are available while the Ingres server is active. This value is controlled by the dmf_crypt_maxkeys configuration parameter in CBF. This number represents the largest number of encrypted tables that can be unlocked and accessed at any one time for all databases in the installation. Slots in this shared memory table are freed when a table is relocked or dropped, and when a database is deleted with destroydb.