How to decrypt DB2 data in another data warehouse platform - algorithm

We need to send data from DB2 (DB2 for AS400) to another data warehouse platform (Hive). But we need to encrypt the data in DB2 first. The target server will then connect to DB2 to export the data and decrypt it on the target server.
SQL to encrypt data in DB2:
INSERT INTO TESTAES
SELECT ENCRYPT_AES( ACCOUNT, '1234567890') FROM TESTPLAIN;
I know the DECRYPT_CHAR function in DB2:
SELECT DECRYPT_CHAR( ACCOUNT, '1234567890') FROM TESTAES
But after we load this table to another platform, we don't know how to decrypt the data. We don't know the DB2 decryption algorithm. 
The ways I think may work:
(1) Get the decryption algorithm of ENCRYPT_AES in DB2 so we can write a program on the target server to decrypt the data. But IBM shared this in any documents. I searched the IBM DB2 documentation, and it just told us:
Encryption algorithm: The internal encryption algorithm used is from the CLiC Toolkit from IBM Research. The 128-bit encryption key is derived from the password using a SHA1 message digest. https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/db2/rbafzscaencryptaes.htm
(2) Get the decryption algorithm package of ENCRYPT_AES in DB2 so we can import this package on the target server to decrypt the data. Does IBM have such a package?
(3) Use another open-source/common function/package to encrypt data in DB2. Then we know the algorithm and can write a program or use the same algorithm package to decrypt the data. But I don't know how we can encrypt data in AS400 DB2 except with ENCRYPT_AES. Maybe write a Java program or something else?
Would anyone share their experience in encrypted data migration to another platform?

It is the standard AES algorithm, but the default CCSID in AS400 is EBCDIC.
Do you need to convert DATA to UTF-8 after decryption.

I think this question can be closed, because:
(1) I asked IBM Technical Support, and he suggested that we write the encryption/decryption function ourselves. Maybe the algorithm of the DB2 encryption function is a secret.
(2) I created a DB2 UDF to call a Java program in AS400. Finally, it works. I can encrypt data in DB2, and after another database gets the encrypted data, it can be decrypted in that database.
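An added example of the approach in the answer above (own encryption routine with a fully specified format); it is not the poster's code and does not reproduce DB2's ENCRYPT_AES. The class name, record layout, salt handling and PBKDF2 parameters are assumptions chosen for illustration, and Java 8 or later is assumed on both sides:

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
// Hypothetical class: name, layout and parameters are assumptions, not DB2's ENCRYPT_AES format.
public class PortableColumnCrypto {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecureRandom rng = new SecureRandom();
    private final SecretKeySpec key;

    // Derive the AES key once per data set; the salt is not secret and travels with the export.
    public PortableColumnCrypto(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        key = new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded(), "AES");
    }

    // Record layout: Base64( iv[12] || ciphertext || tag[16] ), with a fresh random IV per value.
    public String encrypt(String plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        // Explicit UTF-8 so the encrypted bytes do not depend on the platform CCSID (EBCDIC on AS400).
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] rec = ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
        return Base64.getEncoder().encodeToString(rec);
    }

    // Throws AEADBadTagException if the record was modified or the password/salt differ.
    public String decrypt(String record) throws Exception {
        byte[] rec = Base64.getDecoder().decode(record);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, rec, 0, IV_LEN));
        return new String(c.doFinal(rec, IV_LEN, rec.length - IV_LEN), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.UTF_8); // constructed sample salt
        PortableColumnCrypto pc = new PortableColumnCrypto("constructed-passphrase".toCharArray(), salt);
        String rec = pc.encrypt("ACCT-0001"); // constructed sample account value
        System.out.println(rec + " -> " + pc.decrypt(rec));
    }
}
```

Because every parameter of the format is written down, the same class (or any AES-GCM and PBKDF2 implementation) can decrypt on the target platform. With random 96-bit IVs, rotate the key well before about 2^32 values have been encrypted under it.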

Related

Storing encryption key outside Oracle database

My requirement is to do column level encryption.
Tried below option
TDE - data is not encrypted to one who has access to database. Please correct me if I'm wrong.
DBMS_CRYPTO package, this works but client wants to store encryption key outside Oracle database.
I'm not able to find a solution for storing the key outside the database.
Any help on this is highly appreciated.
Perhaps two different things here.
To do TDE at column level already uses an external key store, namely a wallet. The location is specified by ENCRYPTION_WALLET_LOCATION in your sqlnet.ora file, and you'd open the wallet when the database starts, e.g.:
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "thePasswordIchose";
Conversely, if you are looking at doing some "home grown" encryption of data using DBMS_CRYPTO, then key management also becomes your own responsibility. You could store the key however/wherever you like, but it's your job then to manage it and pass it securely into the DBMS_CRYPTO routines.

Session specific storage for UDFs in Firebird

For encryption purposes of some columns I wrote UDFs. I then realized that passing the keys through SQL is nonsense as the SYSDBA can trace SQL and look into session environment. And he exactly is the one, who should not access the data.
Full database encryption is no option for me due to the fact that most of the data does not need to be encrypted and speed is an important thing.
My approach is to transfer the key from client to server with ECC public/private key technique. This is easy to accomplish but where can I store the key for a session within my UDF? Can I get hold of some kind of information about the session of the caller within my UDF?

Oracle Encrypt Method Similar to MySql

Is there any function in Oracle similar to the encrypt/decrypt functions in MySql?
If not, how to proceed in Oracle?
Take a look at DBMS_CRYPTO
It has methods to encrypt and decrypt data built in. Better than writing your own.
http://docs.oracle.com/cd/B19306_01/appdev.102/b14258/d_crypto.htm

How to encrypt oracle db connection password using VBA

I am currently maintaining an Excel file with a great amount of Oracle DB connection information, including database name, server, port, user name, password, etc. I am trying to develop a VBA macro to export all DB connection information into XML format, which could be imported directly into Oracle to get everything updated easily.
Here I have a question regarding password encryption in this VBA macro. Knowing that the password in the Excel file is not encrypted, I want to make it encrypted in the exported XML file. I think I should encrypt the password the same way as Oracle does, so that once the XML file is generated from Excel and imported in Oracle, Oracle can decrypt it correctly.
So I would like to know how Oracle encryption works for passwords. Also, is there any corresponding function in VBA that would do the trick directly?
Thanks

Securing Oracle External table data file

I've just learned one of Oracle features: External table. But when I use this external table in my application, I get a problem and wonder how to solve it.
The problem is: the security of the data file of external table (It's in text format).
How can I secure this data file effectively?
The target environment is: Red hat Linux enterprise 5.4; Oracle 10g.
Because of that environment, I cannot use Oracle DBFS to secure this file. Should I save the external data file in a LOB data type in an independent database? Would you suggest any other solution for my problem?
Make sure only the operating system user that starts the Oracle service/database (typically "oracle") can read the input files for the external services.
Then no other user will be able to mess around with them.
