Encryption with XP Crypt

  • Folks,

    I need to encrypt a particular table in one of our live databases. This is the first time I have looked at this subject. I have found a tool provided by ActiveCrypt called XP_Crypt.

    Have any of you used this product? We're only after basic encryption.

    All comments and suggestions welcome.

    Thanks

    Andy

     

  • We are using xp_crypt to encrypt certain fields in our database.  If you use this product and you want to "encrypt a particular table", you would do that by encrypting each field in the table separately.  Because encryption and decryption take cpu time, I would suggest you encrypt only what is necessary.

    xp_crypt provides you with a .dll that provides you with some extended stored procedures you can call from T-SQL.  The parts of the product that I have used work as advertised.  Technical support is by e-mail but is quite prompt.

    One of the issues that you will want to address early on is where to store your encryption keys.  As you know, there are two basic types of encryption: private key and public key.

    Private key encryption uses the same key to both encrypt and decrypt.  This makes it imperative that the key be kept secret, because anybody who has a copy of the key will be able to read your data.  Because neither people nor computers are all that good at keeping secrets, some organizations even go so far as to place their private keys in hardware devices.  The hardware device is designed to never reveal the key; rather you give it a string of data and the device does the encryption/decryption internally.  This approach can provide very good security.  One company which sells this kind of device is Rainbow Technologies (http://www.rainbow.com).  The devices work well but the implementation effort can be steep!  (xp_crypt is MUCH simpler to use)

    Public key encryption uses a published key for encryption (the public key), and a different key for decryption (the private key).  Public key encryption works well, is computationally intensive, and its encrypted data tends to take up a lot of space.  We use it because it fits what we do: lots of people here need to encrypt data (order entry with credit card information), but only a few people need to decrypt (sending credit card info to the clearing house for payment).  In other words, many people use a public key, but only a few use a private key so the key management is bearable.

    To sum up, we are using xp_crypt in a software-only solution because it was straightforward, not expensive, and was much better than storing sensitive information in the clear.  However, hardware devices do provide better key management which helps security.  Which one you choose would depend on your requirements and your budget.
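
The many-encrypt, few-decrypt arrangement described in the reply above, as an added example that is not part of the original thread. It uses SQL Server's built-in asymmetric key functions instead of xp_crypt's procedures, and the key name, table, password and card number are all constructed for illustration.

```sql
-- Added example: field-level public key encryption with SQL Server built-ins.
-- CardKey_RSA, dbo.OrdersDemo and the password are hypothetical names/values.

-- 1. Create the key pair. The private half is protected by a password that
--    only the settlement (decrypting) process should ever be given.
CREATE ASYMMETRIC KEY CardKey_RSA
    WITH ALGORITHM = RSA_2048
    ENCRYPTION BY PASSWORD = N'Constructed-Passw0rd-ChangeMe!';

-- 2. Encrypt only the sensitive column, not the whole row.
--    An RSA-2048 ciphertext is always 256 bytes, whatever the input length.
CREATE TABLE dbo.OrdersDemo (
    OrderID       int IDENTITY(1,1) PRIMARY KEY,
    CustomerName  varchar(100)   NOT NULL,   -- stays in the clear
    CardNumberEnc varbinary(256) NOT NULL    -- encrypted field
);

-- 3. Order entry side: encryption needs only the public key, so no password
--    is supplied here. The card number is a constructed test value.
DECLARE @card varchar(19) = '4111111111111111';

INSERT INTO dbo.OrdersDemo (CustomerName, CardNumberEnc)
VALUES ('Constructed Customer',
        EncryptByAsymKey(AsymKey_ID('CardKey_RSA'), @card));

-- 4. Storage cost: 16 bytes of plaintext become 256 bytes of ciphertext.
SELECT OrderID,
       DATALENGTH(@card)         AS PlainBytes,
       DATALENGTH(CardNumberEnc) AS CipherBytes
FROM dbo.OrdersDemo;

-- 5. Settlement side: decryption requires the private key password.
--    With a wrong or missing password DecryptByAsymKey returns NULL.
SELECT OrderID,
       CONVERT(varchar(19),
               DecryptByAsymKey(AsymKey_ID('CardKey_RSA'),
                                CardNumberEnc,
                                N'Constructed-Passw0rd-ChangeMe!')) AS CardNumber
FROM dbo.OrdersDemo;

-- 6. Clean up the demo objects.
DROP TABLE dbo.OrdersDemo;
DROP ASYMMETRIC KEY CardKey_RSA;
```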
