RDM Database Encryption

RDM has added the ability to secure database content by using database-level encryption. When the encryption option is turned on, all data written to disk, including transaction log files, is encrypted prior to the file I/O operation. When data is read from disk, it is decrypted before being placed into the database cache. All data stored in the memory space of the internal runtime cache is cleartext, while all data outside of the runtime cache is encrypted. It is possible to encrypt an in-memory database. In this case the same principles apply: data in the runtime cache is cleartext, and data not currently being used by the engine is encrypted.

The levels of data encryption supported by RDM are:

None      No encryption
XOR       Simple XOR encryption
AES 128   Strong encryption
AES 192   Stronger encryption
AES 256   Strongest encryption

Passcode

RDM encryption is implemented using a one-way SHA hash on the supplied passcode to create the encryption key. The passcode can be supplied by the user or a default passcode can be used.

If a user-supplied passcode is lost, Raima is not able to provide assistance in gaining access to the encrypted database.

The default encryption key allows the developer to utilize encrypted databases without making any code changes to their application. While the default encryption key will provide obfuscation of data stored in a database, it does not provide the security of authentication. Any user with a version of RDM that supports encryption will be able to access data stored in a database that is encrypted with the default key. This includes RDM utilities or an application built with the RDM runtime.

The use of a default encryption key may be sufficient for certain application spaces. However, it is Raima's recommendation that a custom encryption passcode be used for all databases for maximum security.

Encryption Ciphers

RDM supports an implementation of the Advanced Encryption Standard (AES) specification and a simple XOR cipher. The Advanced Encryption Standard is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. It is based on the Rijndael cipher developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, who submitted a proposal which was evaluated by the NIST during the AES selection process. The XOR cipher encrypts the data by applying the bitwise XOR operator to every character using a given passcode. The AES cipher allows the user to specify a key size of 128, 192, or 256 bits. Because AES is a symmetric-key block cipher, the number of bits of input matches the number of bits of encrypted data returned by the AES implementation.

AES encryption is not available on all versions of RDM.
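
The passcode handling and the default-key caveat described above, shown as an added example that is not RDM code. It assumes SHA-256 truncated to the key size, a repeating-key XOR, and a constructed default passcode, none of which the page specifies; write_page and read_page are hypothetical names.

```python
import hashlib
from itertools import cycle

# Assumption: SHA-256, truncated to the key size. The page only says "SHA hash".
KEY_BYTES = {"AES 128": 16, "AES 192": 24, "AES 256": 32}

# Constructed stand-ins; the real RDM default passcode is not given on the page.
DEFAULT_PASSCODE = "example-default-passcode"
CUSTOM_PASSCODE = "example-custom-passcode"


def derive_key(passcode: str, level: str = "AES 256") -> bytes:
    """One-way hash of the passcode, cut to the key length for the level."""
    digest = hashlib.sha256(passcode.encode("utf-8")).digest()
    return digest[:KEY_BYTES[level]]


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR (assumed form); the same call encrypts and decrypts.
    XOR is used because it needs only the standard library; the passcode-to-key
    step would be the same in front of AES."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def write_page(page: bytes, passcode: str = DEFAULT_PASSCODE) -> bytes:
    """Encrypt a cache page just before it would be written to disk."""
    return xor_cipher(page, derive_key(passcode))


def read_page(blob: bytes, passcode: str = DEFAULT_PASSCODE) -> bytes:
    """Decrypt a page read from disk before it enters the cache."""
    return xor_cipher(blob, derive_key(passcode))


def demo() -> dict:
    page = b"ACCT=1001;BAL=250.00|" * 4          # constructed sample record data
    default_blob = write_page(page)              # database left on the default key
    custom_blob = write_page(page, CUSTOM_PASSCODE)
    return {
        # Any program that ships the same default derives the same key.
        "default_readable_by_any_runtime": read_page(default_blob) == page,
        # A custom passcode is what ties access to knowledge of a secret.
        "custom_readable_with_default": read_page(custom_blob) == page,
        "custom_readable_with_passcode": read_page(custom_blob, CUSTOM_PASSCODE) == page,
        # Input and output sizes match, as the page notes for its ciphers.
        "same_length": len(default_blob) == len(page),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```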