Specifies data encryption on disk for a new database or to configure an existing unencrypted database for encryption. For information about data encryption, see "Encrypting databases on disk" in the .

The dataEncryption=true attribute must be combined with either the bootPassword=key attribute or the encryptionKey=key attribute.

With either bootPassword=key or encryptionKey=key, you have the option of also specifying the encryptionProvider=providerName, encryptionAlgorithm=algorithm, and/or encryptionKeyLength=length attributes.

An encryption key and a boot password use different storage mechanisms, so if, for example, you create a database using a boot password, you must continue to specify a boot password when you boot the database; you cannot switch to an encryption key. You can change either the boot password or the encryption key by specifying newBootPassword=newPassword or newEncryptionKey=key.

For an existing, unencrypted database for which authentication and SQL authorization are both enabled, only the database owner can perform encryption. See also "Enabling user authentication" and "Setting the SQL standard authorization mode" in the for more information.