cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HANA Data volume Encryption

Go to solution
Former Member

on ‎05-27-2014 4:24 PM

0 Kudos

Hi Team,

I was trying to understand , How HANA encryption works in detail may be the tool used for encrypting .

Is it using OpenSSL for encryption  ?

Then SAP Netweawer SSFS for encrypting those encryption keys ?

Is this true ?




Thanks,

Razal 

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

lbreddemann
Active Contributor
‎05-29-2014 10:43 PM
0 Kudos

Hey Razal,

OpenSSL is used in SAP HANA but it is not affected by the "Heartbleed" bug if that's where your question in aiming at (http://www.saphana.com/community/blogs/blog/2014/04/11/no-heartbleed-with-sap-hana).

The persistency encryption of SAP HANA encrypts pages during savepoint writing and there is no external tool available to decrypt the data volumes.

- Lars

Show replies
Show replies
Former Member
‎05-30-2014 4:37 AM
0 Kudos

Hi Lars,

I was trying to understand the tool used for Encryption , Is this using OpenSSL  to do the page level encryption  ?

Thanks,

Razal

lbreddemann
Active Contributor
‎05-30-2014 7:35 AM
0 Kudos

Well 'tool' is a little bit misleading.

In some parts of the process OpenSSL libraries are called, yes.

In others the SAPcrypto-library is used.

We don't call any executable with a certain set of parameters or something like that.

Very easy speaking, before a certain part of the memory is written out to disk, we encrypt this piece/buffer via a API function call. The encrypted part gets written to disk then.

Upon loading the data back to memory, we look up the encryption key that was used with the specific savepoint we're trying to load the data from and hand the buffer and the encryption key over to a different API call.

So, from a SAP HANA core developer point of view, yes, OpenSSL is a 'tool' we use, just like libstdc...

- Lars

Former Member
‎05-30-2014 7:56 AM
0 Kudos

Thanks a lot Lars ,
This is great answer (Always your answers are great and explanatory , appreciate it )

Tool :

Yes you are correct , Tool is not correct term here .

We should call it as a "piece code/ module "

My question should be re-framed as
whether  HANA encryption code/ module  uses OpenSSL libraries ? Only OpenSSL or any other.  ?

But you already answered my question

Thanks.

Razal

lbreddemann
Active Contributor
‎05-30-2014 8:14 AM
0 Kudos 


Mohammed Razal V N wrote:




But you already answered my question  




Thanks.


Razal

Glad to hear that - time to close this thread then.

Aaaaaaand TICK - another good deed done

Have a nice weekend!

- Lars

Former Member
‎05-30-2014 9:28 AM
0 Kudos

Thanks Lars for the details. I have another question here. This is regarding the encryption master key. I read that the master key is a non-unique key during initial setup of HANA and we need to generate new master key and re-enrypt the SSFS root key with this.

So the qeustions would be

01. Where is the existance of initial Master Key? (where it is stored inside the database? )

02. Is the newly generated key a UNIQUE one?

Regards

Sujith Raj

lbreddemann
Active Contributor
‎05-30-2014 12:39 PM
0 Kudos

Hi there,

no idea about the answers to your questions and currently no time to investigate.

AFAIK this is not documented anywhere public yet anyhow...

What do you need the information for? Just pure interest?

- Lars

Former Member
‎05-30-2014 3:55 PM
0 Kudos

you too have a great weekend

Former Member
‎05-30-2014 5:20 PM
0 Kudos

Thanks Lars, we were testing this in our
landscape and also there were some customer requirements were some POCs
are being built now. So asked for curiosity.

Regards

Sujith Raj

Answers (0)

Ask a Question