ENCRYPTKEY= Table Option

Specifies a key value for AES encryption.

Valid in: SPD Server
Requirement: ENCRYPTKEY= must be specified when ENCRYPT=AES.
Syntax
Required Argument
Details
Example
See Also

Syntax

ENCRYPTKEY=key-value

Required Argument

key-value

assigns an encrypt key value. To create an ENCRYPTKEY= key value with or without quotation marks, follow these rules:

No quotation marks:

  • use alphanumeric characters and underscores only
  • can be up to 64 bytes long
  • use uppercase and lowercase letters
  • must start with a letter
  • cannot include blank spaces
  • is not case sensitive

Examples:

%let mykey=abcdefghi12;
encryptkey=&mykey
encryptkey=key_value
encryptkey=key_value1

Single quotation marks:

  • use alphanumeric, special, and DBCS characters
  • can be up to 64 bytes long
  • use uppercase and lowercase letters
  • can include blank spaces, but cannot contain all blanks
  • is case sensitive

Examples:

encryptkey='key_value'
encryptkey='1234*#mykey'

Double quotation marks:

  • use alphanumeric, special, and DBCS characters
  • can be up to 64 bytes long
  • use uppercase and lowercase letters
  • can include blank spaces, but cannot contain all blanks
  • is case sensitive

Examples:

encryptkey="key_value"
encryptkey="1234*#mykey"
%let mykey=Abcdefghi12;
encryptkey="&mykey"
Interaction You cannot change the key value on an AES-encrypted table without re-creating the table.
Note When the ENCRYPTKEY= key value uses DBCS characters, the 64-byte limit applies to the character string after it has been transcoded to UTF-8 encoding. You can use the following DATA step to calculate the length in bytes of a key value in DBCS:
data _null_;
    key=length(unicodec('key-value','UTF8'));
    put 'key length=' key;
run;

Details

When you use the ENCRYPT=AES option setting to specify AES-256 encryption, you must use the ENCRYPTKEY= option to specify a text string value. This value enables the RSA 256-bit encryption key to encode data and index files.
CAUTION:
Record all ENCRYPTKEY= values when you are using ENCRYPT=AES.
If you forget to record the ENCRYPTKEY= value, you lose your data. SAS cannot assist you in recovering the ENCRYPTKEY= value.
The ENCRYPTKEY= table option does not protect the file from deletion or replacement.
You must specify the ENCRYPTKEY=value to read or copy the file.
You can use a macro variable as the ENCRYPTKEY= key value. The following code defines a macro variable: 
%let secret=Abcdefghi12;
The following code uses the macro variable as the ENCRYPTKEY= value:
data tempdata.aestable(encrypt=aes encryptkey="&secret");

Example

This example sets the ENCRYPT=AES option and an encryption key using PROC SQL: 
libname tempdata sasspds "test" host="host.company.com" service="8561"
    user="siteusr1" prompt=yes;

data tempdata.regtable;x=1;run;

option dbidirectexec=yes;

proc sql;
create table tempdata.aestable(encrypt=aes encryptkey="1234*#mykey") as 
select * from tempdata.regtable;
quit;
To use the table, specify the ENCRYPTKEY= value as follows:
proc contents data=tempdata.aestable(encryptkey="1234*#mykey"); run;

See Also

SPD Server table options:
ENCRYPT= Table Option
Copyright © SAS Institute Inc. All Rights Reserved.
Last updated: February 8, 2017