on 05-27-2014 4:24 PM
Hi Team,
I was trying to understand , How HANA encryption works in detail may be the tool used for encrypting .
Is it using OpenSSL for encryption ?
Then SAP Netweawer SSFS for encrypting those encryption keys ?
Is this true ?
Thanks,
Razal
Hey Razal,
OpenSSL is used in SAP HANA but it is not affected by the "Heartbleed" bug if that's where your question in aiming at (http://www.saphana.com/community/blogs/blog/2014/04/11/no-heartbleed-with-sap-hana).
The persistency encryption of SAP HANA encrypts pages during savepoint writing and there is no external tool available to decrypt the data volumes.
- Lars
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Well 'tool' is a little bit misleading.
In some parts of the process OpenSSL libraries are called, yes.
In others the SAPcrypto-library is used.
We don't call any executable with a certain set of parameters or something like that.
Very easy speaking, before a certain part of the memory is written out to disk, we encrypt this piece/buffer via a API function call. The encrypted part gets written to disk then.
Upon loading the data back to memory, we look up the encryption key that was used with the specific savepoint we're trying to load the data from and hand the buffer and the encryption key over to a different API call.
So, from a SAP HANA core developer point of view, yes, OpenSSL is a 'tool' we use, just like libstdc...
- Lars
Thanks a lot Lars ,
This is great answer (Always your answers are great and explanatory , appreciate it )
Tool :
Yes you are correct , Tool is not correct term here .
We should call it as a "piece code/ module "
My question should be re-framed as
whether HANA encryption code/ module uses OpenSSL libraries ? Only OpenSSL or any other. ?
But you already answered my question
Thanks.
Razal
Thanks Lars for the details. I have another question here. This is regarding the encryption master key. I read that the master key is a non-unique key during initial setup of HANA and we need to generate new master key and re-enrypt the SSFS root key with this.
So the qeustions would be
01. Where is the existance of initial Master Key? (where it is stored inside the database? )
02. Is the newly generated key a UNIQUE one?
Regards
Sujith Raj
User | Count |
---|---|
98 | |
11 | |
11 | |
10 | |
10 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.