DB2® native encryption encrypts your database, requires no hardware, software, application, or schema changes, and provides transparent and secure key management. You can add encryption during the upgrade process if it is not already configured.
About this task
Note: Data encryption is optional.
Procedure
To encrypt the database:
- Open a DB2 command window.
Option | Description
Linux | Enter the following command, where db2user is the DB2 user: su - db2user
- If your system has multiple DB2 instances, you need to set the correct DB2INSTANCE to access the CFDB database. In the DB2 command window, enter the following command:
Option | Description
Linux | export DB2INSTANCE=instance_name
- Verify whether the database is already encrypted:
db2pd -db CFDB -encryptioninfo
If the database is encrypted, the Master Key Label is displayed. If the database is encrypted already, skip the remaining steps.
- Create the keystore by entering the following command:
gsk8capicmd -keydb -create -db /db2_home/db2/cfdbkeystore.p12 -pw StrongPassword -strong -type pkcs12 -stash
db2_home is the directory where DB2 is installed.
/home/db2 user/
- Configure the DB2 instance with the new keystore:
db2 update dbm cfg using keystore_type pkcs12 keystore_location /home/db2/cfdbkeystore.p12
- Generate a backup image of the database:
db2 backup database cfdb
- Drop the database:
db2 drop database cfdb
- Restore the backup image into a new encrypted database:
db2 restore database cfdb encrypt
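
The checks worth running before the drop step, as an added example that is not part of the IBM documentation. The function names are hypothetical, and the script assumes that db2pd prints the label as "Master Key Label: value", that -stash wrote a .sth file beside the .p12 keystore, and that GNU stat is available:

```shell
#!/bin/sh
# Added example (not IBM code): gate the drop/restore steps on two checks.

# Constructed sample of the relevant db2pd line (not captured from a real system).
SAMPLE_ENCRYPTED='        Master Key Label: CONSTRUCTED_LABEL_FOR_CFDB'

# Succeeds if db2pd -encryptioninfo output on stdin shows a Master Key Label value.
# Assumption: the label is printed as "Master Key Label: <value>".
is_encrypted() {
    grep -Eq 'Master Key Label[[:space:]]*:[[:space:]]*[^[:space:]]+'
}

# Succeeds if the PKCS#12 keystore and its stash file both exist and grant
# nothing to group or other. Assumption: the stash file is <name>.sth.
keystore_ok() {
    ks=$1
    sth=${ks%.p12}.sth
    for f in "$ks" "$sth"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
        mode=$(stat -c %a "$f") || return 1
        case $mode in
            *00) ;;    # owner-only, for example 600 or 400
            *) echo "too permissive ($mode): $f" >&2; return 1 ;;
        esac
    done
}

# Prints the next action for the procedure:
#   skip  already encrypted, stop here
#   fix   keystore or stash file missing or exposed, do not drop the database
#   go    safe to back up, drop, and restore with "encrypt"
next_action() {
    pd_output=$1
    ks=$2
    if printf '%s\n' "$pd_output" | is_encrypted; then
        echo skip
    elif keystore_ok "$ks" 2>/dev/null; then
        echo go
    else
        echo fix
    fi
}
```

On a live system, call it as next_action "$(db2pd -db CFDB -encryptioninfo)" followed by the keystore path that was given to keystore_location.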