Generating an encrypted merged backup

Edit online

Db2 Merge Backup supports backups encrypted with the Db2 native encryption. The following example illustrates an use case involving such encrypted backups, and shows how to generate an encrypted merged backup which encryption is compliant with the Db2 native encryption.

A FULL backup and an INCREMENTAL backup have been taken encrypted with the AES 128 bits encryption. The database name is ENCRTEST.

Here are the database configuration encryption options values:


 i1055mbk@vmdb2:~> db2 get db cfg for encrtest |grep Encryption
 Encryption Library for Backup                 (ENCRLIB) = libdb2encr.so
 Encryption Options for Backup                (ENCROPTS) = CIPHER=AES:MODE=CBC:KEY LENGTH=128

This example consists in changing the encryption properties (from AES 128 bits to AES 256 bits) of the generated merged backup, thanks to the ENCROPTS option:


i1055mbk@vmdb2:~> db2mbk -f sysin
MBKM031I Db2 Merge Backup 03.01.00.000(160226) 64 bits 02/26/2016 (Linux vmdb2 x86_64)
MBKI473I Memory limitations: 'unlimited' for virtual memory and 'unlimited' for data segment.
----+----1----+----2----+----3----+----4----+----5----+----6----+----7----+----8----+----9----+----10----+----11----+----12----+----13-- 
000001 MERGE DATABASE ENCRTEST
000002 PART (0)
000003 OUTPUT TO "/home/i1055mbk/" ENCRYPT YES ENCROPTS "CIPHER=AES:MODE=CBC:KEY LENGTH=256:MASTER KEY LABEL=DB2_SYSGEN_i1055mbk_ENCRTEST_2016-02-26-11.47.50"
MBKB005I MBK control step start   : 02/26/2016 16:22:34.844.
MBKB037I Merged backups will not be registered into Db2.
MBKB005I [0] MBK control step start   : 02/26/2016 16:22:35.964.
MBKB006I [0] MBK control step end     : 02/26/2016 16:22:37.357.
MBKB006I MBK control step end     : 02/26/2016 16:22:37.357.
MBKB053I MBK run step start       : 02/26/2016 16:22:37.357.
MBKB007I [0] MBK inventory step start : 02/26/2016 16:22:37.357.
MBKB021I [0] The partition 0 backup image taken at 20160226145913 is involved in the merge (type INCREMENTAL ENCRYPTED OFFLINE DATABASE, device DISK)
MBKB008I [0] MBK inventory step end   : 02/26/2016 16:22:37.358.
MBKB009I [0] MBK merge step start     : 02/26/2016 16:22:37.359.
MBKB028I [0] The utility will build the partition 0 backup image taken at 20160226145914 (type FULL ENCRYPTED OFFLINE DATABASE, device DISK)
MBKB021I [0] The partition 0 backup image taken at 20160226145903 is involved in the merge (type FULL ENCRYPTED OFFLINE DATABASE, device DISK)
MBKB010I [0] MBK merge step end       : 02/26/2016 16:22:39.326.
MBKB054I MBK run step end         : 02/26/2016 16:22:39.327.
MBKI441I MBK successfully ended: real time -> 0m4.483762s
user time -> 0m3.319000s : parent -> 0m1.285000s, children -> 0m2.034000s
system time -> 0m0.135000s : parent -> 0m0.125000s, children -> 0m0.010000s