|
|
|
When the LOG_ENCRYPT and ADVANCED_ENCRYPTION configuration options were specified in ctsrvr.cfg, the c-tree Server failed to start with a log incompatibility error LFRM_ERR (666, lfrm = 5), even if the server was started in a directory with no existing transaction log files.The transaction log file compatibility check failed to account for the log encryption option in effect when using advanced encryption, and assumed the transaction log files use a feature not supported. This check has been adjusted to account for the advanced encryption option.
Additional comprehensive checks at server startup have been added to ensure that the c-tree Server log encryption settings are able to handle the type of encryption for existing transaction logs. When an incompatibility is found, server startup now fails with an error message in CTSTATUS.FCS indicating which options must be changed to access the transaction log files.
The table below shows the expected results for the possible combinations of the LOG_ENCRYPT (LE) and ADVANCED_ENCRYPTION (AE) configuration options for each possible transaction log encryption type used by an existing log file (LogEncTyp).
LE |
AE |
LogEncTyp |
Expected result |
|---|---|---|---|
N |
N |
none |
Successful startup |
N |
Y |
none |
Successful startup |
Y |
N |
none |
Successful startup, new logs are scrambled with CAMO* |
Y |
Y |
none |
Successful startup, new logs are encrypted with advanced encryption |
N |
N |
camo* |
Error: Enable log encryption to proceed |
N |
Y |
camo* |
Error: Enable log encryption and disable advanced encryption to proceed |
Y |
N |
camo* |
Successful startup |
Y |
Y |
camo* |
Error: Disable advanced encryption to proceed |
N |
N |
advanced |
Error: Enable log encryption and advanced encryption to proceed |
N |
Y |
advanced |
Error: Enable log encryption to proceed |
Y |
N |
advanced |
Error: Enable advanced encryption to proceed |
Y |
Y |
advanced |
Successful startup |
* CAMO or "Camouflage" is an older, legacy method of hiding data, which is not a standards-conforming encryption scheme, such as AES. It is not intended as a replacement for Advanced Encryption or other security systems.
