The DATAENCRYPT option enables you to encrypt specific data items within an Enterprise Database Server database. This prevents any kind of tool that can read files from a disk from accessing the data in clear text.
You can set this option at the global database or data set level. You can also set the option at the structure level in the physical options for data sets or for selected items in a data set. The DATAENCRYPT option is not allowed for restart data sets, internal structures, or partitioned data sets.
Only alpha, numeric, real or group data item types are valid for database encryption. The items inside a group cannot specify the DATAENCRYPT option.
If the DATAENCRYPT option is specified, then alpha, numeric, group and real items in the data set inherit the DATAENCRYPT option. An item in a remap must have the same DATAENCRYPT option with its associated data set item.
If a database has the DATAENCRYPT option defined as a global default, all of the data sets are encrypted.
If there are any items with the DATAENCRYPT option in the data set, these items will be encrypted and moved to the end of the record. This is done to maximize the performance and minimize the disk usage. The record size will be increased and the size will depend on the encryption algorithm specified. The encrypted data will always be different in each record even if the records contain the same original (unencrypted) value.
If there are any Filler data items along with the items with DATAENCRYPT option in the data set, the Filler in the record is located after all non-encrypted data items and encrypted data items. When substituting a filler item with new data items type, a reorganization is required.
A reorganization must be performed when changing the DATAENCRYPT option from TRUE to FALSE or FALSE to TRUE.
The key items in a set or subset can have the DATAENCRYPT option specified but not the key items in an Access. The key data cannot contain encrypted data items. For more information about using the DATAENCRYPT option with key items, refer to Sets, Subsets, and Accesses.
