What different ways do we have to test TDE for QA?

Posted by fiservarvind on 16-Aug-2019 06:54

We are enabling our database for TDE. As per TDE, it does everything in the background and one cannot check whether data is encrypted or not at the data level; once you are able to access the DB you can see the data.

How can QA test this? Do we have any tools which can tell us whether your data is encrypted or not?

All Replies

Posted by James Palmer on 16-Aug-2019 08:18

Not sure if this is the only way, but if you open up one of your data area extents in a non-encrypted db in a text editor you will see snippets of the data in clear text in it. 

With TDE enabled all of this will be encrypted and unreadable. 

Posted by Mike Fechner on 16-Aug-2019 08:20

What James is suggesting is that a grep on a known item description or a customer name on a TDE'd DB should be returning nothing.

Posted by fiservarvind on 16-Aug-2019 09:49

Thanks James & Mike.

Could you please also suggest whether we have any tools which can compare two data files before and after encryption, which we can suggest our QA team refer to for testing?

Posted by pwokke on 16-Aug-2019 11:34

From the data administration tool > Database > Reports > Encryption Policy Reports.

To get an overview of what is encrypted.

Perform a backup restore procedure on the encrypted database.

Without the proper key phrase, specific data will not be decrypted.

Run your application on that db to see the effects.

Posted by gus bjorklund on 16-Aug-2019 13:42

> On Aug 16, 2019, at 2:56 AM, fiservarvind wrote:
>
> Do we have any tools which can tell us your data is encrypted or not

you can use the "strings" command to extract all the readable text from a data extent.

then encrypt the data and run the strings command again.

this is not an exhaustive test, but it is easy to do.

you can also use the "od" command to dump selected portions of a data extent and compare before and after.
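
As an added example (not part of the thread and not Progress tooling), the grep and od checks suggested in the replies above can be scripted so QA gets a pass/fail result. It assumes one copy of a data extent taken before encryption and one taken after; the function names, marker strings and sample files are hypothetical, and like the manual check it is not exhaustive.

```shell
#!/bin/sh
# Added example, not from the thread. Marker strings and file names are constructed.

# find_markers EXTENT MARKER...
# Reports every known plaintext value (customer name, item description)
# still readable in the raw extent. Succeeds only when none is found.
find_markers() {
    extent=$1; shift
    hits=0
    for marker in "$@"; do
        # -a: scan binary as text, -F: literal string, LC_ALL=C: byte-wise match
        if LC_ALL=C grep -a -F -q -- "$marker" "$extent"; then
            printf 'READABLE in %s: %s\n' "$extent" "$marker"
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -eq 0 ]
}

# region_changed BEFORE AFTER OFFSET LENGTH
# Dumps the same byte range of both copies with od and succeeds when they differ.
region_changed() {
    before=$(od -A d -t x1 -j "$3" -N "$4" "$1")
    after=$(od -A d -t x1 -j "$3" -N "$4" "$2")
    [ "$before" != "$after" ]
}

# make_samples DIR
# Builds constructed stand-ins: zero padding around two readable names for the
# "before" copy, random bytes for the "after" copy. Not real OpenEdge extents.
make_samples() {
    {
        dd if=/dev/zero bs=4096 count=1 2>/dev/null
        printf 'Acme Tooling Ltd\0Blue Anvil Supply\0'
        dd if=/dev/zero bs=4096 count=1 2>/dev/null
    } > "$1/before.d1"
    dd if=/dev/urandom bs=4096 count=3 2>/dev/null > "$1/after.d1"
}

# Usage sketch: find_markers /path/to/copy-of-extent "Known Customer Name"
```

A non-zero exit from find_markers on the post-encryption copy means at least one known value is still readable in that extent.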

Posted by fiservarvind on 03-Dec-2019 12:07

From the data administration tool > Database > Reports > Encryption Policy Reports.

Is it that the above will not show anything if I encrypt a Type I area? It seems like it only shows objects like tables, indexes and LOBs?

documentation.progress.com/.../index.html

Posted by gus bjorklund on 03-Dec-2019 17:10

When you encrypt a type i data area, /everything/ in it is encrypted and there is no information available about individual objects. no one should be using type i data areas anymore, except for small databases that do not change much if at all.

one of the many disadvantages of type i data areas is that many new features cannot be implemented for them, or can be only partially implemented. this is their nature.


Posted by Tinco on 05-Dec-2019 12:59

Hi,

For a type 1 area using a command like:

proutil databaseName -C epolicy scan area "areaName"

would return something like:

areaName20 / 20 CURRENT AES_CBC_128 V:0 200 of 627 blocks encrypted

indicating how many blocks in that area are already encrypted and how many still need to be encrypted.

More info on that epolicy scan command can be found on:

documentation.progress.com/.../index.html

Hope this helps,

Tinco

This thread is closed