• When the passphrase is changed, database backups before this point in time must be accessed using the old passphrase. Subsequent backups must be accessed using the new passphrase. When restoring from a pre-existing database backup, log records cannot be rolled forward beyond the execution of the ALTER PASSPHRASE statement. It is therefore recommended to perform a new database backup after changing the passphrase.

• When the passphrase is changed, the main key is decrypted using the old passphrase, re-encrypted using the new passphrase, and then replaced in its storage location. The user data is not re-encrypted because only the passphrase — not the underlying table encryption keys — has changed.

• If the option NEWKEY is specified, the meta data containing the table keys is decrypted with the old database key and re-encrypted with the new database key. To perform this, a full write lock on the database is needed, and depending on the size of the meta data involved it can be a computationally expensive operation.

• If a backup or replication method works at the binary level by transferring and applying journal records, the original table and the replicate table must use the same table key. This will be the case if the replicate system originally was copied at the binary level (and the table key was not changed afterwards via ALTER KEYS).

• Encrypted data is usually unique at the binary level for each database. But outside of the database the data is not protected in the same manner. When data is copied to a flat file, it is unprotected. Such files should use an external protection method, such as password encrypting the entire file, or writing it to an encrypted device or file system.

• Encryption and Copydb/Unloaddb Considerations

• Optimizedb Considerations for Data at Rest Encryption