How Encryption Works
You create an encrypted database by using the -encrypt flag on the createdb command. At that time, you are prompted to enter an initial passphrase that will be used to lock and unlock the encrypted database. Createdb leaves an encrypted database unlocked until the DISABLE PASSPHRASE statement is issued and the X100 server is terminated and restarted.
When an encrypted database is created, an AES key is randomly generated. The key is then encrypted using an AES key derived from the specified PASSPHRASE.
The database is unlocked using the ENABLE PASSPHRASE statement that specifies the correct passphrase. An in-memory-only decrypted key is created for use by the encryption and decryption code. At server shutdown, this decrypted key is cleared, and the encrypted data is effectively locked. At server startup, the ENABLE PASSPHRASE must be issued again to access the encrypted data.
Last modified date: 01/26/2023