Manualshelf

Red Hat Directory Server 8.0 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Red Hat Directory Server Software
81828384858687888990
For highly sensitive information, this potential for information loss could present a significant
security risk. In order to remove that security risk, Directory Server allows portions of its
database to be encrypted. Once encrypted, the data are safe even in the event that an attacker
has a copy of the server's database files.
Database encryption allows attributes to be encrypted in the database. Both encryption and the
encryption cipher are configurable per attribute per backend. When configured, every instance
of a particular attribute, even index data, is encrypted for every entry stored in that database.
NOTE
To enable database encryption on an attribute with existing stored data, export
the database to LDIF first, then make the configuration change, then re-import
the data to the database. The server does not enforce consistency between
encryption configuration and stored data; therefore, pay careful attention that all
existing data are exported before enabling or disabling encryption.
Indexed attributes may be encrypted, and database encryption is fully compatible with indexing.
The contents of the index files that are normally derived from attribute values are also encrypted
to prevent an attacker from recovering part or all of the encrypted data from an analysis of the
indexes.
Since the server pre-encrypts all index keys before looking up an index for an encrypted
attribute, there is some effect on server performance for searches that make use of an
encrypted index, but the effect is not serious enough that it is no longer worthwhile to use an
index.
2.3.1. Encryption Keys
In order to use database encryption, the server must be configured for SSL and have SSL
enabled because database encryption uses the server's SSL encryption key and the same PIN
input methods as SSL. The PIN must either be entered manually upon server startup or a PIN
file must be used.
Randomly generated symmetric cipher keys are used to encrypt and decrypt attribute data. A
separate key is used for each configured cipher. These keys are wrapped using the public key
from the server's SSL certificate, and the resulting wrapped key is stored within the server's
configuration files. The effective strength of the database encryption is never higher than the
strength of the server's SSL key used for wrapping. Without access to the server's private key, it
is not possible to recover the symmetric keys from the wrapped copies.
CAUTION
Database Encryption
65