Encrypting Databases on Disk
Overview
Cloudscape provides a way for you to encrypt your data on disk.
Typically, database systems encrypt and decrypt data in transport over the network, using industry-standard systems such as SSL. This system works well for client/server databases: the server is assumed to be in a trusted, safe environment, managed by a system administrator. In addition, the recipient of the data is trusted and is assumed to be capable of protecting the database. The only risk arises when transporting data over the wire, so data encryption happens during network transport only.
With Cloudscape, however, such a system may be insufficient because of the portability of Cloudscape databases, which are platform-independent files that are designed to be easily shared in a number of ways, including transport over the Internet. Recipients of the data may not know how to, or may not have the means to, properly protect the data.
This data encryption feature provides the ability to store user data in an encrypted form. The user who boots the database must provide a boot password.
Libraries and JVM
Cloudscape's data encryption uses the 64-bit DES encryption engine in the 1.2 version of the Java Cryptographic Extension (JCE). In order to use this feature, you must obtain the 1.2 version of the standard JCE package, which is freely distributed to all U.S. residents (see http://java.sun.com/products/jce/index.html). With encryption, Cloudscape runs only in JDKs of version 1.2 or later.
NOTE: This library is available only to U.S. customers.
Any attempt to create or access an encrypted database without SunJCE or without JCE 1.2 raises an exception; you will not be able to create or boot the database.
NOTE: The JCE installation documentation describes configuring (registering) the JCE software. You do not need to do this; Cloudscape registers JCE dynamically.
Working with Encryption
Encrypting Databases on Creation
Cloudscape allows you to configure a database for encryption when you create it.
When you create a database, you can specify whether to encrypt the data. If you specify data encryption, you must also specify a boot password, which is an alpha-numeric string used to generate the encryption key. It must be at least eight characters long. It is a good idea not to use words that would be easily guessed, such as a login name or simple words or numbers. A bootPassword, like any password, should be a mix of numbers and upper- and lowercase letters.
You turn on encryption and specify the corresponding boot password on the database connection URL for a database when you create it:
jdbc:cloudscape:wombat;create=true;dataEncryption=true;bootPassword=clo760uds2caPe
NOTE: If you lose the bootPassword and the database is not currently booted, you will not be able to connect to the database anymore. (If you do know the current bootPassword, you can change it. See Changing the Boot Password.)
Booting an Encrypted Database
Once you have created an encrypted database, you must supply the boot password to reboot it. Encrypted databases cannot be booted automatically along with all other system databases on system startup (see cloudscape.system.bootAll of Tuning Cloudscape). Instead, you boot encrypted databases when you first connect to them.
For example, to access an encrypted database called wombat, created with the boot password clo760uds2caPe, you would use the following database connection URL:
jdbc:cloudscape:wombat;bootPassword=clo760uds2caPe
Once the database is booted, all connections can access the database without the boot password. Only a connection that boots the database requires the key.
For example, the following connections would boot the database and thus require the boot password:
- the first connection to the database in the JVM session
- the first connection to the database after the database has been explicitly shut down
- the first connection to the database after the system has been shut down and then rebooted
NOTE: The boot password is not meant to prevent unauthorized connections to the database once it has been booted. To protect a database once it has been booted, turn on user authentication (see Working with User Authentication).
Changing the Boot Password
You can change the boot password for the current database.
call (CLASS COM.cloudscape.database.PropertyInfo).setDatabaseProperty('bootPassword', 'oldbpw, newbpw');
where oldbpw is the current boot password and newbpw is the new boot password. Secret keys must be at least eight characters long. This call commits immediately; it is not transactional.
NOTE: getDatabaseProperty does not return the boot password.
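The following program puts the connection URLs and the PropertyInfo call from this page together; it is an added example, not Cloudscape's own code. It creates the wombat database encrypted, changes the boot password, and then shows that once the database is booted a further connection succeeds with no boot password at all. The driver class name COM.cloudscape.core.JDBCDriver and the two system property names are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;

public class EncryptedWombat {
    // Assumption: name of the Cloudscape embedded JDBC driver class; this page does not state it.
    private static final String DRIVER = "COM.cloudscape.core.JDBCDriver";

    // Create the database encrypted. The boot password arrives at runtime and is never hard-coded.
    static Connection createEncrypted(String db, String bootPassword) throws SQLException {
        if (bootPassword == null || bootPassword.length() < 8) {
            throw new IllegalArgumentException("boot password must be at least eight characters");
        }
        return DriverManager.getConnection("jdbc:cloudscape:" + db
            + ";create=true;dataEncryption=true;bootPassword=" + bootPassword);
    }

    // Boot an existing encrypted database: only this first connection needs the boot password.
    static Connection boot(String db, String bootPassword) throws SQLException {
        return DriverManager.getConnection("jdbc:cloudscape:" + db + ";bootPassword=" + bootPassword);
    }

    // Change the boot password with the PropertyInfo call from this page. It commits at once and
    // is not transactional. Both passwords share one SQL literal, so embedded quotes are doubled.
    static void changeBootPassword(Connection conn, String oldBpw, String newBpw) throws SQLException {
        String arg = oldBpw.replace("'", "''") + ", " + newBpw.replace("'", "''");
        Statement s = conn.createStatement();
        try {
            s.execute("CALL (CLASS COM.cloudscape.database.PropertyInfo).setDatabaseProperty("
                + "'bootPassword', '" + arg + "')");
        } finally {
            s.close();
        }
    }

    public static void main(String[] args) throws Exception {
        Class.forName(DRIVER);
        // Boot passwords come from JVM system properties given on the command line, not from source.
        String oldBpw = System.getProperty("wombat.bootPassword");
        String newBpw = System.getProperty("wombat.newBootPassword");
        Connection booting = createEncrypted("wombat", oldBpw);
        changeBootPassword(booting, oldBpw, newBpw);
        // The database is now booted in this JVM, so a second connection succeeds with no
        // bootPassword at all; from here on only user authentication protects it.
        Connection later = DriverManager.getConnection("jdbc:cloudscape:wombat");
        later.close();
        booting.close();
    }
}
```

Run it with -Dwombat.bootPassword=... -Dwombat.newBootPassword=... so neither password is committed to source; after the JVM exits, the next boot must use the new password via boot().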