MS-Access / Getting Started

Setting Encryption Options

When you encrypt a database, the encryption is performed by calling into a Cryptographic Service Provider (CSP) that is registered by Windows. The CSP uses a specified encryption algorithm and key length to encrypt the specified data. For additional information about database encryption.

By default, Access uses Microsoft Base Cryptographic Provider v1.0 for database encryption. The default encryption algorithm is RC4.

These options can be changed in DAO by executing the SetOption method of the DBEngine object. The three option values for database encryption are:

Option ValueDescription
dbPasswordEncryptionAlgorithmUsed to change the encryption algorithm. Access only supports stream ciphers such as "RC4."
dbPasswordEncryptionKeyLengthKey length for the encryption algorithm. Set to 0 to use the default key length for the algorithm as defined by the CSP.
dbPasswordEncryptionProviderChanges the Cryptographic Service Provider (CSP). Valid CSP names can be found in the registry.

SetOption changes settings for the current session in Access. When Access is closed, the database engine reverts to the default settings. SetOption does not affect the database that is currently open. Instead, the setting is reflected after calling another method on DBEngine.

The following code demonstrates how to change the CSP and encrypt the current database by setting the database password:

Sub SetPasswordAndCSP(strOldPassword As String, strNewPassword As String)
    Dim dbs As DAO.Database

    'Get the current database
    Set dbs = CurrentDb

    'Change the CSP
    DBEngine.SetOption dbPasswordEncryptionProvider, _
	x"Microsoft Enhanced RSA and AES Cryptographic Provider"

    'Now, set the password
    dbs.NewPassword strOldPassword, strNewPassword

    'You could also choose to compact a database or
    'create a new database once the CSP was set

    Set dbs = Nothing
End Sub

You receive a runtime error if you set the dbPasswordEncryptionProvider value to an invalid CSP name. The error is displayed when you execute either the NewPassword, CompactDatabase, or CreateDatabase method. The SetOption method does not display any errors.

[Previous] [Contents] [Next]