TDE Key Store details

Posted by Mikael Hjerpe on 29-Nov-2016 09:50

Is it possible to get some information about the Key Store for TDE, how is it implemented? Algorithms? Derived from open source? Same as? (The key store is as important as the encryption itself.) Can it use an optional store? HW store? Configured? Can't find any info about it in the docs.

All Replies

Posted by Rob Fitzpatrick on 02-Dec-2016 15:19

I agree that this is important.

To the best of my knowledge:

  • you can't use an external key store
  • you can't use an HSM
  • algorithms:
    • if you mean supported database master key and object key encryption ciphers, they are in the docs
    • if you mean the internals of the key store and the code that accesses it, I strongly suspect PSC considers that a proprietary implementation detail that they will not document

Posted by gus bjorklund on 03-Dec-2016 07:38

Rob, you are correct on all points.

Posted by Mikael Hjerpe on 08-Feb-2017 03:46

Yes, I meant the internals... Why is it proprietary? Whom to trust? :)

Posted by gus bjorklund on 08-Feb-2017 10:56

You can’t just go to the store and buy an off-the-shelf keystore.

The details are not documented because doing so would not add any value, would not enable customers to make better use of it, and would lead to more questions.

There are many, many things that are not documented. Documenting every detail of everything would take forever and cost a lot of money.

This thread is closed