org.enhydra.instantdb.db
Interface TableEncrypt


public interface TableEncrypt

Allows database developers to encrypt InstantDB data.

Developers create an encryption class which implements this interface. InstantDB associates a TableEncrypt object with a Table. When reading or writing to disk, InstantDB invokes the associated methods on the TableEncrypt object to encrypt or decrypt each row of the table.

A TableEncrypt object is associated with a table using the method: jdbc.idbConnection.setTableEncryption (String tableName, TableEncrypt encrypter).

Indexes are created using the clear text values of columns. Therefore, you should not create indexes on columns which you wish to remain confidential.


Field Summary
static int FIRST_DATA_COLUMN
          The column offsets that get passed to the encrypt/decrypt routines include meta-columns which are only of interest to InstantDB.
 
Method Summary
 byte[] BinaryDecrypt(java.lang.String tableName, java.lang.String columnName, byte[] binaryData, int rowNumber)
          Invoked by InstantDB just after a binary column has been read from disk.
 byte[] BinaryEncrypt(java.lang.String tableName, java.lang.String columnName, byte[] binaryData, int rowNumber)
          Invoked by InstantDB just before a binary column is about to be written to disk.
 void Decrypt(java.lang.String tableName, byte[] rowBuffer, int rowNumber, int[] colOffsets)
          Invoked by InstantDB just after a row is has been read from disk.
 void Encrypt(java.lang.String tableName, byte[] rowBuffer, int rowNumber, int[] colOffsets)
          Invoked by InstantDB just before a row is about to be written to disk.
 

Field Detail

FIRST_DATA_COLUMN

public static final int FIRST_DATA_COLUMN
The column offsets that get passed to the encrypt/decrypt routines include meta-columns which are only of interest to InstantDB. These columns must not be encrypted and InstantDB will override any attempt to encrypt them.

The first true data column is the colOffset element indexed by the following constant. In other words, only colOffsets[FIRST_DATA_COLUMN] onwards are data columns.

Method Detail

Encrypt

public void Encrypt(java.lang.String tableName,
                    byte[] rowBuffer,
                    int rowNumber,
                    int[] colOffsets)
Invoked by InstantDB just before a row is about to be written to disk.

Parameters:
tableName - The name of the table being encrypted. A single TableEncrypt object can be associated with multiple tables. This parameter allows the implementation to vary the encryption process for each table.

rowBuffer - The actual row of data to be encrypted. The encryption algorithm must guarantee that the data does not increase in size as a result of the encryption process. On return from this method, rowBuffer should contain encrypted data.

Room for cipher padding can be achieved by creating dummy CHAR columns of sufficient size either after individually encrypted columns, or by including a single dummy CHAR column at the end of a row if the whole row is to be encrypted.

rowNumber - This parameter allows implementations to vary their encryption algorithm depending on the physical row number in the table.

colOffsets - An array specifying the offsets of each column in rowBuffer. This allows applications to encrypt individual columns and so increase the speed of the encryption process.

The control column: $$control, which is present in every InstantDB table is included in both rowBuffer and in colOffsets. InstantDB ensures that this column is NOT encrypted on disk.


BinaryEncrypt

public byte[] BinaryEncrypt(java.lang.String tableName,
                            java.lang.String columnName,
                            byte[] binaryData,
                            int rowNumber)
Invoked by InstantDB just before a binary column is about to be written to disk.

Parameters:
tableName - The name of the table being encrypted. A single TableEncrypt object can be associated with multiple tables. This parameter allows the implementation to vary the encryption process for each table.

columnName - The name of the binary column being encrypted. Multiple binary columns can be encrypted in the same table. This parameter allows the implementation to vary the encryption process for each binary column.

binaryData - The binary data to be encrypted. The encryption algorithm may increase or decrease the size of the encrypted binary data as necessary.

rowNumber - This parameter allows implementations to vary their encryption algorithm depending on the physical row number in the table.

Returns:
Returns a byte[] containing the encrypted value of the binary data. The encryption algorithm may increase or decrease the size of the encrypted binary data as necessary.

Decrypt

public void Decrypt(java.lang.String tableName,
                    byte[] rowBuffer,
                    int rowNumber,
                    int[] colOffsets)
Invoked by InstantDB just after a row is has been read from disk.

Parameters:
tableName - The name of the table being encrypted. A single TableEncrypt object can be associated with multiple tables. This parameter allows the implementation to vary the decryption process for each table.

rowBuffer - The actual row of data to be decrypted. On return from this method, rowBuffer should contain decrypted data.

rowNumber - This parameter allows implementations to vary their decryption algorithm depending on the physical row number in the table.

colOffsets - An array specifying the offsets of each column in rowBuffer. The control column: $$control, which is present in every InstantDB table is included in both the rowBuffer and colOffsets.

BinaryDecrypt

public byte[] BinaryDecrypt(java.lang.String tableName,
                            java.lang.String columnName,
                            byte[] binaryData,
                            int rowNumber)
Invoked by InstantDB just after a binary column has been read from disk.

Parameters:
tableName - The name of the table being decrypted. A single TableEncrypt object can be associated with multiple tables. This parameter allows the implementation to vary the decryption process for each table.

columnName - The name of the binary column being decrypted. Multiple binary columns can be encrypted in the same table. This parameter allows the implementation to vary the decryption process for each binary column.

binaryData - The binary data to be decrypted. The decryption algorithm may increase or decrease the size of the decrypted binary data as necessary.

rowNumber - This parameter allows implementations to vary their decryption algorithm depending on the physical row number in the table.

Returns:
Returns a byte[] containing the decrypted value of the binary data. The decryption algorithm may increase or decrease the size of the decrypted binary data as necessary.