Encryption Question

comp.databases.berkeley-db



#1 - Encryption Question - 07-20-2006, 05:09 PM

Hi,

I've enabled encryption, and I can read and write without errors using
the correct password. However, if I view the .db file I can see the
plain text so it seems that the encryption isn't working.
This is db-4.4.20, using the BDB Java API on Debian, Linux kernel
2.6.15-1-486.

Here are my methods that open and write to the database:
    public void open(String databaseName) throws Exception {
        databaseName = ENVIRONMENT_NAME + "/" + databaseName;
        EnvironmentConfig environmentConfig = new EnvironmentConfig();
        environmentConfig.setTransactional(true);
        environmentConfig.setInitializeCache(true);
        environmentConfig.setInitializeLocking(true);
        environmentConfig.setInitializeLogging(true);
        environmentConfig.setAllowCreate(true);
        environmentConfig.setEncrypted("password");
        environment = new Environment(new File(ENVIRONMENT_NAME), environmentConfig);
        DatabaseConfig databaseConfig = new DatabaseConfig();
        databaseConfig.setAllowCreate(true);
        databaseConfig.setType(DatabaseType.HASH);
        database = new Database(databaseName, null, databaseConfig);
        Transaction transaction = environment.beginTransaction(null, null);
        database = environment.openDatabase(transaction, databaseName, null, databaseConfig);
        transaction.commit();
        database.truncate(null, false);
    }

    public void write(String key, String value) throws Exception {
        DatabaseEntry databaseEntryKey = new DatabaseEntry(key.getBytes("UTF-8"));
        DatabaseEntry databaseEntryValue = new DatabaseEntry(value.getBytes("UTF-8"));
        Transaction transaction = environment.beginTransaction(null, null);
        try {
            if (database.putNoOverwrite(transaction, databaseEntryKey,
                    databaseEntryValue) == OperationStatus.KEYEXIST) {
                throw new Exception("Key already exists.");
            }
            transaction.commit();
        } catch (DatabaseException e) {
            transaction.abort();
            e.printStackTrace();
        }
    }

Thanks, Dave


#2 - Alex - Re: Encryption Question - 07-20-2006, 08:12 PM

Hi Dave,

I was not able to run your program as posted - since the open is not
doing the correct thing.

You have two database opens assigning to the same object. The first is
opening outside of an environment; encryption is not supported unless
an environment is being used.

The second open within the environment is failing because the code is
explicitly prepending the environment directory to the DB name.

Once I changed the open method to be:
    public void open(String databaseName) throws Exception {
        EnvironmentConfig environmentConfig = new EnvironmentConfig();
        environmentConfig.setTransactional(true);
        environmentConfig.setInitializeCache(true);
        environmentConfig.setInitializeLocking(true);
        environmentConfig.setInitializeLogging(true);
        environmentConfig.setAllowCreate(true);
        environmentConfig.setEncrypted("password");
        environment = new Environment(new File(ENVIRONMENT_NAME), environmentConfig);
        DatabaseConfig databaseConfig = new DatabaseConfig();
        databaseConfig.setAllowCreate(true);
        databaseConfig.setType(DatabaseType.HASH);
        Transaction transaction = environment.beginTransaction(null, null);
        database = environment.openDatabase(transaction, databaseName, null, databaseConfig);
        transaction.commit();
        database.truncate(null, false);
    }

The open works and the DB is encrypted.

It is worth noting that the memory mapped regions contain data that is
not encrypted. So the __db.XXXX files might contain references to
unencrypted data. See here for more information:
http://www.sleepycat.com/docs/ref/env/encrypt.html

I hope this helps,
Alex
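
A check for the symptom discussed in this thread, added here as an example and not code from either poster or from Berkeley DB: write a record containing a known canary string, close the environment, then scan every file in the environment directory for the canary bytes. The class name, method names, canary value and the three stand-in files built in main() are assumptions constructed for illustration; they are not real Berkeley DB files.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.SecureRandom;
import java.util.*;

public class PlaintextLeakCheck {

    // True if needle occurs anywhere in haystack (naive scan; fine for test-sized files).
    static boolean contains(byte[] haystack, byte[] needle) {
        outer:
        for (int i = 0; i + needle.length <= haystack.length; i++) {
            for (int j = 0; j < needle.length; j++) {
                if (haystack[i + j] != needle[j]) continue outer;
            }
            return true;
        }
        return false;
    }

    // Names of regular files directly under envDir that contain the canary bytes.
    static List<String> filesLeaking(Path envDir, String canary) throws IOException {
        byte[] needle = canary.getBytes(StandardCharsets.UTF_8);
        List<String> leaks = new ArrayList<>();
        try (DirectoryStream<Path> files = Files.newDirectoryStream(envDir)) {
            for (Path f : files) {
                if (Files.isRegularFile(f) && contains(Files.readAllBytes(f), needle)) {
                    leaks.add(f.getFileName().toString());
                }
            }
        }
        Collections.sort(leaks);
        return leaks;
    }

    public static void main(String[] args) throws IOException {
        String canary = "CANARY-7f3a-plaintext-marker";   // constructed marker value
        Path env = Files.createTempDirectory("bdb-env-constructed");
        byte[] opaque = new byte[4096];
        new SecureRandom().nextBytes(opaque);
        // Constructed stand-ins for an environment directory:
        Files.write(env.resolve("encrypted.db"), opaque);  // no readable canary expected
        Files.write(env.resolve("plain.db"), ("\0\0hdr" + canary).getBytes(StandardCharsets.UTF_8));
        Files.write(env.resolve("__db.001"), ("region" + canary).getBytes(StandardCharsets.UTF_8));
        for (String name : filesLeaking(env, canary)) {
            String kind = name.startsWith("__db.") ? "region file" : "database or log file";
            System.out.println("canary found in " + name + " [" + kind + "]");
        }
    }
}
```

Pointed at a real environment directory, a hit in a database or log file means that file was written without encryption, while a hit in a `__db.XXXX` region file matches the unencrypted shared-region behaviour Alex describes.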

#3 - Re: Encryption Question - 07-21-2006, 12:46 AM

Hi Alex,

Thanks - that helps me a lot! I appreciate it.
Regarding your second point, I'll look at
environmentConfig.setSystemMemory(true);
to avoid unencrypted data in the files.

My goal is to use MySQL with BDB as the storage engine. I have it
working except that there's no way to tell MySQL to tell BDB to use
encryption.
I've been looking for a place in the BDB source to hard-code it. I
found the __dbenv_open method in env_open.c, and I added
dbenv->set_encrypt(dbenv, "some-password", DB_ENCRYPT_AES);
It's not working yet, and I'm not sure if it's the right approach. Can
you make a recommendation?

Thanks again, Dave
