SET ENCRYPTION PASSWORD

The SET ENCRYPTION PASSWORD statement sets the value of the encryption password and, optionally, the password hint. The encryption and decryption built-in functions use this password and password hint for data encryption unless the functions are invoked with an explicitly specified password and hint. The password is not tied to DB2® authentication and is used only for data encryption.

Invocation

The statement can be embedded in an application program or issued interactively. It is an executable statement that can be dynamically prepared.

Authorization

None required.

Syntax

                            .-=-.   
>>-SET ENCRYPTION PASSWORD--+---+------------------------------->

>--+-password-variable--------+--------------------------------->
   '-password-string-constant-'   

>--+--------------------------------------------+--------------><
   |            .-=-.                           |   
   '-WITH HINT--+---+--+-hint-variable--------+-'   
                       '-hint-string-constant-'     

Description

password-variable
Specifies a variable that contains an encryption password. The variable:
  • Must be a CHAR or VARCHAR variable. The actual length of the contents of the variable must be between 6 and 127 inclusive or must be an empty string. If an empty string is specified, the default encryption password is set to no value.
  • Must not be the null value.
  • All characters are case-sensitive and are not converted to uppercase characters.
password-string-constant
A character constant that contains an encryption password. The length of the constant must be between 6 and 127 inclusive or must be an empty string. If an empty string is specified, the default encryption password is set to no value. All characters are case-sensitive and are not converted to uppercase characters.
WITH HINT
Indicates that a value is specified that will help you remember passwords (for example, 'Ocean' as a hint to remember 'Pacific'). If a hint value is specified, the hint is used as the default for encryption functions. The hint can subsequently be retrieved for an encrypted value using the GETHINT function. If this clause is not specified and a hint is not explicitly specified on the encryption function, no hint will be embedded in encrypted data result.
hint-variable
Specifies a variable that contains an encryption password hint. The variable:
  • Must be a CHAR or VARCHAR variable. The actual length of the contents of the variable must not be greater than 32. If an empty string is specified, the default encryption password hint is set to an empty string.
  • Must not be the null value.
  • All characters are case-sensitive and are not converted to uppercase characters.
hint-string-constant
A character string constant that contains an encryption password hint. The length of the constant must not be greater than 32. If the value is an empty string, the default encryption password hint is set to an empty string.

Notes

Normal DB2 mechanisms are used to transmit the host variable or constant to the database server.

Examples

Example 1: Set the ENCRYPTION PASSWORD to the value in :hv1. Do not specify a hint for the password. 
  SET ENCRYPTION PASSWORD = :hv1
Example 2: Set the ENCRYPTION PASSWORD to the value in :hv1. Specify the value in :hv2 as the hint for the password. 
  SET ENCRYPTION PASSWORD = :hv1 WITH HINT :hv2