To implement encryption and decryption on the client, a large number of maintenance and management operations need to be performed on the client, including data key management, sensitive data encryption, and SQL statement parsing and modification. openGauss encapsulates these complex operations in the client encryption driver to implement automatic encryption and replacement of sensitive information. In addition, all encryption-related metadata is stored in the database so that the database can identify and process encrypted data.
In addition, parameters related to sensitive information in SQL statements are encrypted to ensure that query tasks do not disclose users’ query intents, reduce complex security management and operation difficulties on the client, and ensure that users are unaware of application development. In addition, the openGauss provides a series of configuration APIs to meet users’ requirements for encrypted fields, encryption algorithms, and secure key storage. The transparency of the openGauss fully-encrypted database makes task migration very convenient for users.
leo
Posted on • Updated on
Full-encryption Upgrade and Unaware Encryption/Decryption Principle Analysis
For further actions, you may consider blocking this person and/or reporting abuse
Top comments (0)