By default, databases are encrypted by using the DES algorithm. If you want to use the AES-256 algorithm, install the OpenSSL libcrypto library and ensure that the following parameter values are set in solid.ini:
▪ General.UseCryptoLib=yes
▪ General.CryptoLibPath to the directory where the OpenSSL libcrypto library is located (unless the library is already available in the appropriate operating system path).
The procedure for encrypting a solidDB database and log files is the same regardless of whether you use the inbuilt DES encryption or the AES-256 encryption that is provided by the OpenSSL libcrypto library.
An encryption password is needed to protect the symmetric encryption key, which is stored in an unencrypted header page of the database file. The encryption password is mandatory and must have a minimum length of three characters.
To create an encrypted database, complete the following steps:
1 Start solidDB with the -E command-line option. The database can be encrypted when creating a new database or when starting an existing database.
2 Include an encryption password by using one of the following command-line options:
▪ To provide the encryption password from a file (recommended), use the following option: -x keypwdfile:filename
▪ To provide the encryption password as part of the startup command, use the following option:
-Sencryption_password
Note Providing the password within the startup command is not secure on most systems. For example in UNIX systems, the password can be seen in the ps command output. Use the -S option only for debugging or evaluation purposes.