Hi, There are two storage engines. Both support encrypted databases, but in a different way.
[1] When using the current storage engine (page store): the algorithm is documented under http://h2database.com/html/advanced.html#security_protocols- "File Encryption". [2] When using the new storage engine (MVStore) which is not enabled by default yet: the algorithm is XTS-AES, documented under http://h2database.com/html/mvstore.html#encryption - see also http://en.wikipedia.org/wiki/XEX-TCB-CTS#XEX-based_tweaked-codebook_mode_with_ciphertext_stealing_.28XTS.29 > Does the encryption happen on the page level? On a block level, each block having a fixed size (see the source code also). > If so, could this be reused to implement compression over all the data in the database? No, not the same mechanism. Compression is done before encryption (as you know you can not compress after encryption). For [1] only CLOBs and BLOBs can be compressed. For [2] b-tree pages can be compressed (all data and indexes), but this is unrelated to encryption - see also http://h2database.com/html/mvstore.html#logStructured > Additionally, are indexes encrypted too? Yes for both [1] and [2]. > (And are indexes subject to being divided in pages too?) For [1]: yes. For [2]: yes, but for the MVStore a b-tree page doesn't have a fixed size. Regards, Thomas On Mon, Oct 21, 2013 at 4:28 PM, Eric Harney <[email protected]> wrote: > How does encrypting the database contents work, considering that the data > still needs to be randomly accessible? Does the encryption happen on the > page level? If so, could this be reused to implement compression over all > the data in the database? > > Additionally, are indexes encrypted too? (And are indexes subject to being > divided in pages too?) > > -- > You received this message because you are subscribed to the Google Groups > "H2 Database" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/h2-database. > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/h2-database. For more options, visit https://groups.google.com/groups/opt_out.
