VistaDB offers strong, FIPS-compliant encryption without compromising its legendary ease of deployment. All you have to do is specify that the database should be encrypted and provide a decryption key (password). When you subsequently want to access the database (for its data or schema) you provide the same key.
When encryption is enabled, every block of schema information and data is encrypted using AES256. It's decrypted into memory then automatically re-encrypted when it has to be written out. This encryption even applies to temporary files and maintenance activities so temp indexes, temporary tables, and working files used to repair or pack the database are all encrypted.
If your application uses .NET 4.0 or later and the VistaDB Engine for .NET 4.0 then the CAPI provider for AES256 is used which is FIPS-compliant. For compatibility with older operating systems and versions of .NET the VistaDB Engine for .NET 2.0 uses a managed (.NET) version of AES that is binary-compatible with the FIPS-compliant version. Both of these cryptographic protocols are maintained by Microsoft as part of either the .NET Framework or Windows and are not proprietary to VistaDB.
If you want to change the encryption on a database - either to convert it from plain to encrypted, encrypted to plain, or change the encryption password - the process is the same. You pack the database and provide the relevant existing password or new password. The entire database file is rewritten from the current encryption form to the requested encryption form. For more information, see How To - Pack a Database.
There is no way to access an encrypted database without the password. There is no built-in back door, key retrieval system, or other mechanism to allow the developers of VistaDB to access the database without the password.