Encryption in DB2 Everyplace is designed for securing data on a mobile or embedded device. This topic provides a quick overview of local data encryption to help get you started. The following topics are discussed:
Why use local data encryption?
Consider a corporate sales application that contains customer contact data. A mobile salesperson might carry this data on a PDA to a customer visit. Unless the application or the PDA provides a secure storage system, the data can easily be accessed through the application or by inspecting the native file system of the mobile device. Encrypting sensitive data is therefore a crucial part of protecting corporate information.
Local data encryption goals
DB2 Everyplace provides a solution that allows an application to implement a corporate security policy. The first goal is to encrypt secret or sensitive information stored in DB2 Everyplace tables. Data is encrypted using standard key-based encryption methods such as DES. The second goal is to provide a secure framework for managing the keys used to encrypt the data. The user is required to provide a user ID and password at the time of database connection. For more information, see Managing encryption privileges.
For more information on using data encryption, see Encryption using the DB2eCLP.
Prerequisites
This section describes how encryption is enabled for each platform and lists the libraries that are needed in addition to those required by the DB2 Everyplace database.
For Win32:
For Windows CE/Pocket PC
For Palm OS
For Linux/Neutrino
For Symbian
Procedure
To use data encryption:
Subsequent access to encrypted tables: If a database contains the DB2eSYSUSERS table, any subsequent database connection will go through user authentication with the provided user ID and password. If authentication fails, the application can access only non-encrypted tables. The application cannot create new encrypted tables, cannot drop existing encrypted tables, and cannot access or update encrypted data.