Purpose
You can use this statement to alter the encryption method of a tablespace.
Syntax
ALTER TABLESPACE tablespace_name ENCRYPTION [=] 'tablespace_encryption_option';
tablespace_encryption_option:
N
| Y
| AES-256
| AES-256-GCM
| AES-128
| AES-128-GCM
| AES-192
| AES-192-GCM
| SM4-CBC
| SM4-GCM
Parameters
| Parameter | Description |
|---|---|
| tablespace_name | The name of the tablespace object to be modified. |
| tablespace_encryption_option | The encryption algorithm to be used for the tablespace object. For a detailed introduction to the encryption algorithms, refer to the following section tablespace_encryption_option. |
tablespace_encryption_option
N: No encryption.Y: If'Y'is used, the default encryption isAES-256.AES-256: Uses a 256-bit key for encryption and decryption.AES-256-GCM: Uses Galois/Counter Mode (GCM) with a 256-bit key.AES-128: Uses a 128-bit key for encryption and decryption.AES-128-GCM: Uses GCM with a 128-bit key.AES-192: Uses a 192-bit key for encryption and decryption.AES-192-GCM: Uses GCM with a 192-bit key.SM4-CBC: Uses the SM4 algorithm of the Cipher Block Chaining (CBC) mode, where each block of data undergoes XOR operations with the output of the previous block’s encryption before it is encrypted.SM4-GCM: Uses the SM4 algorithm with the GCM mode, which provides both encryption and authentication functionalities.
Note
- Advanced Encryption Standard (AES) is a symmetric encryption algorithm, meaning the same key is used for both data encryption and decryption. The AES algorithm is block-based, typically encrypting data in 128-bit blocks.
- AES-GCM is an operational mode employed for block encryption algorithms, such as AES, providing both encryption and data authentication (also known as message authentication code).
- The block size of the SM4 algorithm is 128 bits, and the key length is also 128 bits.
Examples
Change the unencrypted tablespace tablespace001 to use the SM4-GCM encryption algorithm.
ALTER TABLESPACE tablespace001 ENCRYPTION = 'SM4-GCM';