To migrate your existing unencrypted Db2 to an encrypted database, perform the following
steps:
Procedure
-
Back up your existing unencrypted Db2 database. For example:
db2 backup database <database_name>
-
Do any of the following:
-
Create an encryption key for the upgraded or fresh Db2 installation. For example:
gsk8capicmd -keydb -create -db /home/db2/ccardskeystore.p12
-pw Str0ngPassw0rd –strong -type pkcs12 –stash;
Note: The command name may vary based on the operating system. For example, on a 64 bit operating
system use this
command
gsk8capicmd_64 -keydb -create -db /localhome/db2inst2/pdesignkeystore.p12
-pw Str0ngPassw0rd -type pkcs12
-
Configure the Db2 instance to use the new keystore. For example:
db2 update dbm cfg using keystore_type pkcs12 keystore_location /localhome/db2inst2/pdesignkeystore.p12
-
Start the Db2 instance using the new keystore. For example:
db2start open keystore USING Str0ngPassw0rd
-
Restore and encrypt the Db2 backup that you created in Step 1. For example:
db2 restore database <database name> encrypt