Encryption

Oct 14, 2014 at 6:03 PM
Edited Oct 14, 2014 at 6:27 PM
Does ESENT have any encryption capabilities? What I'm after is the ability to have all data encrypted on disk, but still be able to have correctness and good performance when querying and traversing the data.

SQL CE 4 and System.Data.Sqlite both provide this capability, but I'm looking strongly at replacing them with ESENT if this is possible.

Furthermore, I know that RavenDB supports encrypted data on disk and has used ESENT as it's underlying storage engine (pre-voron).
Developer
Oct 14, 2014 at 6:08 PM
You probably want to use BitLocker.
Encryption is one of those 'checkbox' features that's easy to say, but rather challenging to do correctly:
Why do you want your data encrypted? Specifically: what is the threat you're trying to protect against? Is it physical access to the hard drives? Or if someone gets their hands on the database file?
How do you protect your encryption keys?

-martin
Oct 14, 2014 at 6:25 PM
Edited Oct 14, 2014 at 6:31 PM
No checkboxes here. We're storing identifying financial information (account numbers and transaction information for banks)

You're right. I DO WANT Bit locker, but ♬ you can't always get what you want ♬. I can't place the burden on our customers to have bitlocker configured. It's my company's responsibility to ensure this data is protected.

I want the data to be encrypted on disk to guard against the scenario in which a malicious person physically removes the drive, mounts it elsewhere, and is able to make use of the data on disk.

I will ( and have been ) protecting the encryption keys by using DPAPI, simply enough. That way an intruder would first need to gain access to an authenticated session on the machine (or with a specific user account depending on the DPAPI scope that is used) that our software is installed on, which shifts the responsibility away from our product and towards the customers own infrastructure.
Developer
Oct 14, 2014 at 9:48 PM
Oh good, I'm glad you're thinking this through.

Anyway, based on my answers, you've probably already realized that we don't support directly encrypting the file, or encrypting the data for you.

One possible approach is that you encrypt the data yourself, and store the opaque blobs in ESE. But then ESE can't create a useful index over that column, because we don't know what's inside it. And after it's encrypted, we can't sort the seemingly-random-noise.

Encryption has all sorts of subtle side-effects...


-martin
Oct 14, 2014 at 10:50 PM
Edited Oct 14, 2014 at 10:52 PM
Oh, well... Thanks anyway. And thanks for you're good work on this managed binding to ESENT.