Posts

Showing posts from August, 2019

HCL Informix 14.10 - onkstore utility - Remote Key Store

Read my blog on Encryption At Rest (EAR) before this article.

HCL Informix 14.10 has come up with a new utility called onkstore to generate the keystore (.p12) and stash file (.sth) for types such as local, AWS_EAR and AWS_BAR.

Type: local

This type is provided to store the .p12 and .sth files locally and to maintain backward compatibility with earlier versions, which stored these files locally. These files are essential to encrypt the data and eventually decrypt it when needed. No connectivity to the external AWS site is needed for this. However, since the encryption key files are saved locally on the disk, there is a danger of losing them and hence losing the encrypted data, which would remain encrypted forever with no way to decrypt it.

Type: AWS_EAR

In order to avoid losing the encryption key, we have a new type called AWS_EAR to make sure the encryption key is saved safely and remotely so that it can be accessed from Amazon Web Services, w...

Informix 14.10 - EAR - Encryption At Rest (Dbspaces and Backups) with multiple levels of ciphers

Disk Encryption - Operational Data Only

Up to IDS 12.10, encryption was allowed only on the operational data in the dbspaces on which the server is actively performing read/write operations. Backup data is not encrypted, although there is a provision that gives the end user control to do it via BACKUP_FILTER and RESTORE_FILTER. IDS does not control any encryption that is done with this method and hence takes no responsibility if the encryption key is lost or if decryption becomes impossible for some other reason.

In order to encrypt the operational data, all that is needed is to configure the onconfig parameter DISK_ENCRYPTION. It uses a keystore file ($INFORMIXDIR/etc/*.p12) and a stash file ($INFORMIXDIR/etc/*.sth) to support the encryption. These files are created automatically in 12.10 when DISK_ENCRYPTION is configured. The keystore file is used to store the encryption key, and the stash file contains the password to open the keystore file where the encryption key is stored. Thes...