At some point early in the ASE 15.x release schedule (sorry, don't recall the specific 15.x version), the method used to encrypt ASE passwords was changed to a machine-independent format.
This meant that you could now do a straight bcp/copy of the syslogins.password column between different endians without a need to perform any sort of byte swapping; net result was that you could now log into both ASEs (little endian, big endian) with the same password.
I'm wondering if ASE 15.x/16.x column-level encryption uses a similar machine-independent format?
NOTE: You don't mention your ASE version so I'm assuming you're running ASE 15.x/16.x.
Obviously (?) it would be easy enough to test this theory of machine-independent data storage of the encrypted/varbinary values:
- create encryption key in PDS (little endian)
- copy encryption key from PDS to RDS (big endian) (use XPDL of encryption key db, ddlgen, etc)
- create new table with an encrypted column (perhaps a few columns of different datatypes, eg, varchar(x), datetime, numeric) in both PDB and RDB
- insert single row of data in PDB table
- set ciphertext on; select * from PDB table
- set ciphertext on; insert * into RDB table (using varbinary values displayed from PDB/select statement) [NOTE: This is what the SRS/DSI connection does in the RDB: set ciphertext on; insert/update varbinary values.]
- set ciphertext off'; select * from RDB table to see if the values are decrypted properly
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.