Db2 native encryption

Db2 native encryption provides a built-in encryption capability to protect database backup images and key database files from inappropriate access while they are at rest on external storage media.

Encryption is a key component in the protection of offline data. Many government regulations and industry standards require its use.

Db2 native encryption features:
  • Simple deployment
  • No changes required to the data schema or database applications
  • Free use on all supported Db2 platforms and configurations

The encryption capabilities that are used by Db2 are FIPS 140-2 certified and employ NIST SP 800-131A compliant cryptographic algorithms. Db2 also automatically detects and uses any underlying CPU hardware acceleration for encryption when available.

When you encrypt a database, Db2 native encryption protects all files that contain your data, such as:
  • All table spaces (both system-defined and user-defined)
  • All types of data in a table space (including LOB and XML data types)
  • All transaction logs, including archived log files
  • LOAD COPY data
  • LOAD staging files

Db2 native encryption can also be used to encrypt database backups, even if the source database is not encrypted.