SET-ADMIN-KEY

Sets the data encryption administration key for a database or for all the databases on a host.

Syntax

SET-ADMIN-KEY key {(options}

Syntax elements

key: A 16-character encryption key.

Options

O: Overwrites an existing administration key. Without this option, SET-ADMIN-KEY displays an error message if an administration key has already been set.

Caution

Use this option with care. Once you have encrypted your data you must not change the administration key. If you do, you will not be able to read the keys in the REK file and will therefore not be able to access your encrypted files.

Restrictions

Can only be used by the database owner. SYSMAN account only.

Comments

You must create an administration key to protect your key file (the REK file in the SYSFILES account) before you can use encryption on a Reality database.

Users that need access to encrypted Reality files must be given read access to the administration key file. It is recommended that all other users should be prevented from accessing this file.

The administration key can only be used on the host system on which it has been created.

Once an administration key has been set, it can only be overwritten by using the O option.

If you are using encrypted files on FailSafe, you must create administration keys on both the primary and the secondary system. The administration keys need not be the same.

Note

The key you specify is normally saved in encrypted form in a host file called adminkey in the database configs directory, but if you prefer, you can save it to a different host file by setting the REALADMINKEY environment variable. All users that use encrypted files must have access to REALADMINKEY - on UNIX this can be done by defining it in /etc/profile, while on Windows it must be defined as a system variable.

Caution

Depending on how you set REALADMINKEY, all databases on the host may have to use the same administration key. Be careful not to overwrite a key set from another database.
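
On a UNIX host, the access recommendation in the Comments and the REALADMINKEY note above can be checked with a short script. This is an added example, not part of the Reality documentation: the function names, exit codes and the group-write check are assumptions of the example, and the key file path must be passed in or taken from REALADMINKEY because the location of the configs directory is site-specific.

```shell
#!/bin/sh
# Added example (not vendor code): audit host permissions on the
# administration key file. The path comes from the first argument or from
# REALADMINKEY; the default configs-directory location is site-specific.

# Print a file's octal mode (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_adminkey [path]
# Returns 0 = acceptable, 1 = too permissive, 2 = key file not found.
audit_adminkey() {
    keyfile=${1:-${REALADMINKEY:-}}
    if [ -z "$keyfile" ] || [ ! -f "$keyfile" ]; then
        echo "MISSING: no administration key file at '$keyfile'" >&2
        return 2
    fi
    mode=$(file_mode "$keyfile") || return 2
    rc=0
    # Users outside the owner and group should have no access at all.
    if [ $(( 0$mode & 07 )) -ne 0 ]; then
        echo "FAIL: $keyfile (mode $mode) is accessible to other users" >&2
        rc=1
    fi
    # Assumption of this example: group members need read access only, and
    # write access would let them overwrite the key.
    if [ $(( 0$mode & 020 )) -ne 0 ]; then
        echo "FAIL: $keyfile (mode $mode) is group-writable" >&2
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $keyfile (mode $mode)"
    fi
    return "$rc"
}

# Typical use: audit_adminkey /path/to/adminkey   (or export REALADMINKEY)
```

A mode such as 640, with the users of encrypted files in the file's group, passes both checks.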

See also

Data Encryption.