About InterBase Encryption
Go Up to Encrypting Your Data
Encryption is the process of applying an invertible algorithm to a block of data (plaintext) so that the encrypted data (ciphertext) bears no resemblance to the plaintext. Typically, an encryption key is applied to the plaintext to produce the ciphertext. The same encryption key is used to convert (decrypt) the ciphertext back to plaintext. The purpose of encryption is to protect data from being deciphered by unauthorized viewers or users.
InterBase enables you to encrypt information at one or both of the following levels:
- Database-level Encryption:
- When you specify database-level encryption, InterBase encrypts all the database pages that contain user information. Non-user database pages are not encrypted. Non-user pages include the header page, log page, inventory pages, pointer pages, transaction inventory pages, index root pages, and generator pages.
- You cannot specify which pages in a database to encrypt. Instead, you issue the encrypt database command from the database to which you are connected, and InterBase encrypts all the user-related pages in that database.
- Column-level Encryption:
- Column-level encryption is both more flexible and more specific. To encrypt a column, you specify the table that contains the column, followed by the name of the column. You can encrypt all of the columns in a table, or only individual columns you specify. For example, you can encrypt a payroll column in an Employee table so that both payroll and HR employees can access it. Then you might encrypt SSN information in the same table so that only payroll employees can access it. Users who need to access data in encrypted columns can be given decrypt privileges for that column.
- Note: When working with encrypted columns, the MIN, MAX, BETWEEN, and ORDER BY operations cannot use an index based on those fields due to the nature of the index key that is formed from the encrypted field value. So while the index is not useful for the above operations, it is still useful for equality matches and JOIN operations
Generally speaking, encrypting all of the user pages of a database takes much greater overhead than selectively encrypting individual columns. In addition, database performance can be adversely affected when a large number of concurrent queries access the same encrypted columns.