2373 - Informix 无处不在的加密.pdf

1、#2373Informix Encryption:Everywhere EverywayTom B8 October 2025Why Is Encryption A Big Deal USD$4.44M Average cost of data breach according to IBM analysis of data from PonemonInstitute*Bad actors getting inside your network is more common than ever Data flowing unencrypted is a goldmine for hackers

2、 Unencrypted backups are as damaging to lose access to as the engine itself being compromised Auditors get unhappy when they find open data*https:/ Keystore Small file-based database of certificates(public and/or private keys)Stash file Small local protected file that contains password information t

3、o open password protected keystores Certificate File that holds public key information2How Informix ProtectsInformix has a robust set of encryption tools:1.Encryption at rest 2.Encryption in transit3.Backup Encryption4.Encryption in the database3Encryption At Rest Introduced in 12.10 xC8 Encrypts th

4、e dbspace chunks themselves Prevents direct read or access from the filesystem or raw spaces themselves Also protects against physical hardware theft or docker container loss Good for systems that may not always be online or that someone external might have access to the disks Operating system disk

5、level encryption may give the same results Can use an external key manager45Encryption At RestTo set it up create a new new stashed keystore using the onkstore commandonkstore create file -type local cipher aes256Create the keystore in$INFORMIXDIR/etcThen add a new$ONCONFIG parameter:DISK_ENCRYPTION

6、 keystore=,cipher=aes256Bounce the engineIf the stash file is in$INFORMIXDIR/etc it will come up automaticallyIf the keystore+stash file are not present the engine will not come upFiles are only used during startup,they can be moved after an engine is up,just dont lose them6Encrypting The Data Once