The STRENCRYPT option enables you to encrypt an entire selected data set within an Enterprise Database Server database. This prevents any tool capable of reading files from a disk from accessing the data in clear text.

When the STRENCRYPT option is set for a data set, all of the items within the data set are encrypted regardless of their data type. Additionally, any index sequential sets and subsets that belong to the data set are automatically encrypted.

You can specify this option in global default or at the structure level in the physical options for the data set. If you define the STRENCRYPT option as a global default, all disjoint standard data sets with fixed formats and their index sequential spanning sets and subsets are encrypted.

The block size is increased by the encryption algorithm; encrypted data must be a multiple of 16 bytes in length (in addition to 30 bytes for the algorithm). If the VSS2OPTIMIZE or VSS3OPTIMIZE option is set with a specification of BLOCKSZ for the structure with the STRENCRYPT option, you must adjust the block size of the structure to maintain the VSS2OPTIMIZE or VSS3OPTIMIZE setting.

If you change the STRENCRYPT option setting for an existing structure (for example, from TRUE to FALSE or FALSE to TRUE) you must perform a file format change reorganization to convert the data of the structure to a different format. A reorganization of a set or subset must be generated from its data set. Note that reorganization cannot generate a manual subset with encrypted keys. User programs do not need to be recompiled.