Defining column-level encryption for the ENCRYPT_TDES built-in function

For column-level encryption using the ENCRYPT_TDES built-in function, all encrypted values in a column are encrypted with the same password.

Procedure

To define column-level encryption:

  1. Create the EMP table with the EMPNO column. The EMPNO column must be defined with the VARCHAR data type, must be defined FOR BIT DATA, and must be long enough to hold the encrypted data. The following statement creates the EMP table:

    Begin general-use programming interface information.

    CREATE TABLE EMP (EMPNO VARCHAR(32) FOR BIT DATA);
    End general-use programming interface information.
  2. Set the encryption password. The following statement sets the encryption password to the host variable :hv_pass:

    Begin general-use programming interface information.

    SET ENCRYPTION PASSWORD = :hv_pass;
    End general-use programming interface information.
  3. Use the ENCRYPT_TDES built-in function to insert encrypted data into the EMP table by issuing the following statements:

    Begin general-use programming interface information.

    INSERT INTO EMP (EMPNO) VALUES(ENCRYPT_TDES('47138')); 
INSERT INTO EMP (EMPNO) VALUES(ENCRYPT_TDES('99514')); 
INSERT INTO EMP (EMPNO) VALUES(ENCRYPT_TDES('67391'));
    End general-use programming interface information.
  4. Select the employee ID numbers in decrypted format:

    Begin general-use programming interface information.

    SELECT DECRYPT_CHAR(EMPNO) FROM EMP;
    End general-use programming interface information.

    If you provide the correct password, Db2 returns the employee ID numbers in decrypted format.