Wednesday, December 8, 2010

Advantage Strong Encryption Overview

With the release of 10.1, a new FIPS 140-2 encryption option has been added to Advantage. You must purchase the strong encryption libraries separately. For more information, contact your sales representative or visit our encryption page. You can also view the strong encryption datasheet.
The default encryption mechanism is 160-bit RC4. This covers encryption of all files (tables, memos and indexes) as well as encryption of communications. The strong encryption add-on provides a FIPS 140-2 compatible encryption mechanism. It implements both 128-bit and 256-bit AES encryption for files and Transport Layer Security (TLS) for communication.
Here is a quick summary of the new features and benefits of strong encryption.

  • TLS v1.0 operating over TCP/IP using RSA for key exchange with either 128-bit or 256-bit AES encryption with SHA-1 for message authentication
  • Tables can be encrypted using 128-bit or 256-bit AES
  • Improved key strength by salting and hashing keys
  • Ability to encrypt a data dictionary with an external password. This also allows you to change the type of encryption of an existing dictionary.
  • Added a FIPS mode for Advantage clients and server. This ensures that all encryption meets the FIPS 140-2 standard.

Several new stored procedures have been added to make working with encryption easier. These include procedures for encrypting and decrypting tables, setting encryption types and retrieving information about the type of encryption being used. The new system procedures are listed below.

  • sp_EncryptTable encrypts a table. When AES Encryption is specified on dictionary bound tables this procedure converts the table to strong encryption.
  • sp_DecryptTable decrypts tables.
  • sp_SetDDEncryptionType converts the type of encryption used by a data dictionary.
  • sp_GetSecurityInfo returns information about the type of encryption being used on the connection.
Next week I'll be walking through using the new strong encryption with Advantage.
