DisableDatabaseEncryption

The DisableDatabaseEncryption action disables database encryption. The syntax of the DisableDatabaseEncryption action is as follows.

jdbcrypt path=database-path
         ini=initialization-file-name
         action=DisableDatabaseEncryption [RetainMasterKey=true]

The following is an example of the DisableDatabaseEncryption action.

jdbcrypt path=d:\dbcrypt ini=d:\salesdb\jade.ini action=DisableDatabaseEncryption RetainMasterKey=true

This action requires that all map files are decrypted first.

When you are sure that you do not need to restore an encrypted version of the database, you should destroy any copies of the old exported master key. If you re-encrypt the database, a new master key is always created.

This action requires the manual entry of the master key passphrase.

When you call this action to disable database encryption, the master key is automatically deleted from the keystore by default. This means that a secondary database restarted on the same machine as the primary becomes unusable if it has not replayed the file decryptions and disabled database encryption, because it requires the master key to reopen the database.

The JADE Database Encryption utility displays a message when the master key has been deleted.

If you want to override the default deletion of the master key and retain it when encryption is disabled, specify the RetainMasterKey=true argument for the DisableDatabaseEncryption action.

If you run a secondary database on the same machine as the primary and you want to avoid recloning the secondary, specify RetainMasterKey=true so that there is no chance that the secondary restarts and requires the deleted master key before it replays the DisableDatabaseEncryption action.

When the secondary no longer requires the old master key, you can use the ListStoredKeys and DeletedStoredKey actions to find and delete it.