Database Encryption

eXtremeDB provides the capability to encrypt in-memory and persistent databases with the standard AES encryption algorithm or by a custom encryption implementation. It is also possible to encrypt database snapshot and backup files. (Please see the Database Security web page for an illustration of eXtremeDB protection for database data and network communications.)

In-Memory Database Encryption

The encryption of in-memory (transient) database pages can be enabled by specifying an encryption key and setting the MCO_DB_INMEMORY_PROTECTION mode mask. AES algorithm encryption is the default (and the only option delivered in eXtremeDB packages). Note that enabling in-memory encryption is not applicable for persistent or hybrid databases (with both persistent and transient classes); see the Persistent Database Encryption section below.

The AES algorithm encryption is implemented in the eXtremeDB AES encryption library for your development platform. Alternatively, for C and C++ applications, a custom encryption algorithm can be substituted by implementing specific C functions, for which stubs are provided in a separate "stub" library. (Please see the Database Encryption in C page for further details.)

In-memory database encryption is not currently supported in the JNI and .NET Framework wrappers.

Persistent Database Encryption

If a cipher key is specified, then the eXtremeDB disk manager encrypts the pages of the database and the log files with the algorithm implemented in the currently linked library (AES by default). The exact same cipher key must be specified to open an existing encrypted database. (Note that database pages are unencrypted once they are loaded into main memory.)

As for in-memory database pages, the encryption of data on persistent storage is controlled in C applications by the cipher_key element of the parameter structure (mco_db_params_t) passed into mco_db_open_dev(). Java applications set the Database.Parameters field cipherKey and C# applications set CipherKey. If this parameter is not NULL, then pages are encrypted with the AES or custom encryption algorithm before being saved to “disk” and decrypted when loaded from the “disk”. Each page is encrypted individually.

Transaction Logging Encryption

When using the eXtremeDB Transaction Logging feature, if a cipher key is specified, then the transaction log is encrypted. The same cipher key is required to play or iterate the log.