Open chenqi0805 opened 3 years ago
Alternative solutions:
For manual encryption and decryption, Java has its own JCE framework. The available ciphers are listed as follows:
https://docs.oracle.com/javase/8/docs/api/javax/crypto/Cipher.html https://docs.oracle.com/javase/9/security/java-cryptography-architecture-jca-reference-guide.htm#JSSEC-GUID-2BCFDD85-D533-4E6C-8CE9-29990DEB0190
Issue with manual encryption/decryption:
Waiting for responses from MapDB and LMDB for plan of support on encryption.
@chenqi0805 If you had raised an issue to MapDB and LMDB, please link it here.
Reply from MapDB gitter:
@chenqi0805 yes, I would like to support encryption. It will be done by block encryption (entire store) or via serializers (only part of data such as Map values)
There is new MapDB4 update
https://mapdb.org/blog/mapdb_in_february_2021/
For LMDB, linked issue:
As protection to data access in data-prepper, we will support encryption at rest. Encryption requirements TBD.
As a first step, encryption at rest will be applied to db files in service-map.
Note: AWS KMS manages encryption by AES-256: https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/encryption-at-rest.html which is a symmetric cryptographic algorithm(https://en.wikipedia.org/wiki/Advanced_Encryption_Standard). Other cryptographic algorithm is PGP, which uses asymmetric encryption(public-private keys). Although providing more security, it is computationally more expensive.