iAnywhere.com - security

security

Function

Specify an encryption cipher and encryption options for synchronization.

Separately licensable option required

Transport-layer security requires that you obtain a separately-licensable SQL Anywhere Studio security option and is subject to export regulations.

To order this component, see Separately-licensable components.

Syntax

security=cipher( keyword=value;... )

Protocols

dbmlsync - TCP/IP

Default

None

Remarks

All communication for this synchronization is to be encrypted using the specified cipher. The cipher can be one of:

ecc_tls for elliptic-curve encryption. For backwards compatibility, ecc_tls can also be specified as certicom_tls.
rsa_tls for RSA encryption.
rsa_tls_fips for RSA encryption that is FIPS-approved. The rsa_tls_fips cipher uses separate FIPS 140-2 certified software from Certicom. Clients using rsa_tls are compatible with servers using rsa_tls_fips, and clients using rsa_tls_fips are compatible with servers using rsa_tls. rsa_tls_fips can only be used with Adaptive Server Anywhere databases on Windows.

For more information, see Configuring MobiLink clients to use transport-layer security.

The following security keywords are supported.

certificate_company=organization
certificate_name=common_name
certificate_unit=organization_unit
trusted_certificates=filename

When using dbmlsync with HTTPS, you do not set the security option, but set these four security keywords directly. For details of how to set the security options, see each security keyword.

For UltraLite, see Security synchronization parameter.

For information about how to set network protocol options with dbmlsync, see CommunicationAddress (adr) extended option.

For information about how to set network protocol options with UltraLite, see Network protocol options for UltraLite synchronization clients.

Example

The following example sets up RSA encryption for a dbmlsync TCP/IP protocol. This requires setup on the server and client. Each command must be written on one line.

dbmlsrv9  
  -c "dsn=asa90sample;uid=DBA;pwd=SQL" 
  -x tcpip(
    port=9999;
    security=rsa_tls(
      certificate=c:\asa90\win32\rsaserver.crt;
      certificate_password=test))

dbmlsync  
  -c "dsn=mydb;uid=DBA;pwd=SQL" 
  -e "ctp=tcpip;
      adr='port=9999;
         security=rsa_tls(
           trusted_certificates=c:\asa90\win32\rsaroot.crt;
           certificate_name=RSA Server)'"

For UltraLite clients, you implement the client side slightly differently. The equivalent client implementation in an Embedded SQL or C++ UltraLite application is:

    info.stream = ULSocketStream();
    info.stream_parms = TEXT("port=9999");
    info.security_stream = ULSecureRSATLSStream();
    info.security_parms = TEXT("trusted_certificates=\rsaroot.crt;certificate_name=RSA Server");