Just to add to this, a great package for embedding encryption is openssl. Runs on most everything.
Plus, if you are running your database on internet connected machines, you probably want to use a PKI system. The huge advantage security wise is that you can encrypt to the database with your public key, but keep the private key offline. Plus you can combine the x.509 certificate management features with your encryption scheme and add additional layers of authentication. For instance, we store data for our clients that they can access over the web. We issue them a digital certificate. Apache is configured to only allow connections from clients that have our certificiate, plus we store their data encrypted using their public key. THey log into the system and have access to the encrypted data through using their private key on their local machine (we use an active x component that is a wrapper around the MS cryptoapi). Not only do we get strong authentiation and encryption, but it's impossible for someone to get access to the data by hacking into our system since we don't even have the private key on our end. Chris On Wed, 27 Mar 2002, Ralf Liebenow wrote: > > Hi ! > > This is not sapdb related, but may be of interest for many developers > who want to use a database to store encrypted data: > > We use the AES encryption Algorithm to store the data into the DB. This > is a symetric algorithm, and it uses only private keys. If you need a > public key you have to use a public key algorithm for private key > exchange and then use the private keys to code the data with a symetric > algorithm. > > AES is the successor of DES and the new data encryption standard ... > > We use Java: JCE and JDBC, there are some cryptography Frameworks available, > that are free to use in Java, for example cryptix. (JCE is the Java > Cryptography Extensions API defined by SUN). > > As far as i know, SAPDB does not provide native encryption facilities, > and because this is really more the application domain (because of > key management etc), it is the right decision not to include this into the > Database. > > Ralf > > > Hi, > > > > did anybody use SAP DB for storing encrypted data? Which encryption algorithm > > did you use? > > > > My first thought was to use PGP for encryting the data before storing it into > > the DB. Any comments? > > > > Thanks for any hints, > > Ralf. > > -- > > ## Ralf Schneider > > ## B-connected Linux Solutions GmbH - Linux f�r den Mittelstand > > ## Dennis-Gabor-Str. 2, 14469 Potsdam > > ## www.b-connected.de > > > > _______________________________________________ > > sapdb.general mailing list > > [EMAIL PROTECTED] > > http://listserv.sap.com/mailman/listinfo/sapdb.general > > > > -- > theCo.de AG > Oranienstr. 10-11, 10997 Berlin > fon +49 30 617 897-0 fax -10 > [EMAIL PROTECTED] http://www.theCo.de > _______________________________________________ > sapdb.general mailing list > [EMAIL PROTECTED] > http://listserv.sap.com/mailman/listinfo/sapdb.general > _______________________________________________ sapdb.general mailing list [EMAIL PROTECTED] http://listserv.sap.com/mailman/listinfo/sapdb.general
