10.3. Data Encryption

In the discussion of the SERVER_ENCRYPT authentication type we mentioned that the user ID and password supplied in the CONNECT statement are encrypted to protect from eavesdropping. DB2 Version 8.2 is further enhanced to also provide encryption of data as it travels over the network. DB2 is compliant with the Federal Information Processing Standard 140-2 (FIPS 140-2). You can now encrypt and decrypt user data using encryption mechanisms.

To use data encryption both the DB2 client and server must support it. The authentication value SQL_AUTHENTICATION_DATAENC in the catalog database command enforces SERVER authentication and also enables data encryption for that connection. If a product does not support data encryption, the SQL_AUTHENTICATION_DATAENC_CMP authentication type becomes very helpful. It lets these clients connect as SERVER_ENCRYPT, which means the data is not encrypted but that the user ID and the password are.