Db2 native encryption

Db2 native encryption provides a built-in encryption capability to protect database backup images and key database files from inappropriate access while they are at rest on external storage media.

Encryption is a key component in the protection of offline data. Many government regulations and industry standards require its use.

Db2 native encryption features:

simple deployment
does not require changes to the data schema or database applications
free use on all supported Db2 platforms and configurations.

The encryption capabilities that are used by Db2 are FIPS 140-2 certified and employ NIST SP 800-131A compliant cryptographic algorithms. Db2 also automatically detects and uses any underlying CPU hardware acceleration for encryption when available.

When you encrypt a database, Db2 native encryption protects all files that contain your data, such as:

All table spaces (both system-defined and user-defined)
All types of data in a table space (including LOB and XML data types)
All transaction logs, including archived log files
LOAD COPY data
LOAD staging files

Db2 native encryption can also be used to encrypt database backups, even if the source database is not encrypted.