MS-Access / Getting Started

Setting Encryption Options

When you encrypt a database, the encryption is performed by calling into a Cryptographic Service Provider (CSP) that is registered by Windows. The CSP uses a specified encryption algorithm and key length to encrypt the specified data. For additional information about database encryption.

By default, Access uses Microsoft Base Cryptographic Provider v1.0 for database encryption. The default encryption algorithm is RC4.

These options can be changed in DAO by executing the SetOption method of the DBEngine object. The three option values for database encryption are:

Option ValueDescription
dbPasswordEncryptionAlgorithmUsed to change the encryption algorithm. Access only supports stream ciphers such as "RC4."
dbPasswordEncryptionKeyLengthKey length for the encryption algorithm. Set to 0 to use the default key length for the algorithm as defined by the CSP.
dbPasswordEncryptionProviderChanges the Cryptographic Service Provider (CSP). Valid CSP names can be found in the registry.

SetOption changes settings for the current session in Access. When Access is closed, the database engine reverts to the default settings. SetOption does not affect the database that is currently open. Instead, the setting is reflected after calling another method on DBEngine.

The following code demonstrates how to change the CSP and encrypt the current database by setting the database password:

Sub SetPasswordAndCSP(strOldPassword As String, strNewPassword As String)
    Dim dbs As DAO.Database

    'Get the current database
    Set dbs = CurrentDb

    'Change the CSP
    DBEngine.SetOption dbPasswordEncryptionProvider, _
	x"Microsoft Enhanced RSA and AES Cryptographic Provider"

    'Now, set the password
    dbs.NewPassword strOldPassword, strNewPassword

    'You could also choose to compact a database or
    'create a new database once the CSP was set

    'Cleanup
    Set dbs = Nothing
End Sub

You receive a runtime error if you set the dbPasswordEncryptionProvider value to an invalid CSP name. The error is displayed when you execute either the NewPassword, CompactDatabase, or CreateDatabase method. The SetOption method does not display any errors.

[Previous] [Contents] [Next]

In this tutorial:

  1. Using DAO to Access Data
  2. Data Access Objects
  3. New Features in DAO
  4. Referring to DAO Objects
  5. The DBEngine Object
  6. Using Transactions
  7. The Errors Collection
  8. The Databases Collection
  9. The CurrentDb() Function
  10. Opening an External Database
  11. Closing and Destroying Database Object References
  12. DAO Property Types
  13. Setting and Retrieving Built-In Object Properties
  14. Setting and Retrieving SummaryInfo Properties
  15. Creating Schema Objects with DAO
  16. Creating Indexes
  17. Creating Relations
  18. Creating Multi-Value Lookup Fields
  19. Database Encryption with DAO
  20. Setting Encryption Options
  21. Managing Access (JET) Security with DAO
  22. Creating Security Objects
  23. Creating and Deleting Groups
  24. Managing Passwords
  25. Data Access with DAO
  26. Modifying a QueryDef
  27. Filtering and Ordering Recordsets
  28. Navigating Recordsets
  29. BOF, EOF
  30. Navigating Recordsets with Multi-Value Lookup Fields
  31. Bookmarks and Recordset Clones
  32. Finding Records
  33. Working with Recordsets
  34. Using Arrays with Recordsets
  35. Working with Attachment Fields
  36. Append Only Fields