Database Administrator's Guide


Advanced Data Encryption

FairCom offers developers several advanced encryption routines, including AES (Rijndael), Blowfish, Twofish, and DES. Advanced encryption must be enabled at runtime via a server configuration keyword. The application developer chooses the encryption algorithm and cipher strength per file, at file creation time. A master password is then assigned to the server installation and must be provided in some form at server startup.

When advanced encryption is enabled, FairCom DB prompts for a master password at server startup by default. For high availability, options are available to use a local key store file to maintain and verify the master password. The system administrator may encrypt existing files using the ctcv67 utility.

Developers can also use the FairCom DB Server SDK to replace this prompt with an application-specific method of retrieving the master password.

Note: Prior to enabling advanced encryption, understand that there is no practical way to recover encrypted data without knowing the master password that was used to encrypt it. This applies to backed-up data as well as live data. If a master password is changed, be sure to retain the old master password for any backups that may still be encrypted with it.