티스토리 뷰
안녕하세요. Informix 데이터베이스의 디스크 저장공간인 DBSpace를 암호화하는 방법을 소개하려고 합니다.
계획에 없던 일이긴 한데 링크드인(LinkedIn) 메일을 통해 아래의 대화가 이뤄진 덕분(?)에 약식으로나마 공부하게 됐습니다.
<???>
Hello
Please help me.
How to encrypt the all dbapace in Database informix Version 14?
DBSpace 암호화 기능은 12.10.xC8 버전부터 생겼습니다.
사실 12버전에서는 테스트했었는데 14버전에서도 동일하겠거니 하고 테스트를 하지 않았죠.
처음 제가 답변한 내용의 요지는 DISK_ENCRYPTION을 설정하고 백업/리스토어를 하라는 것이었는데
14버전에서는 방법이 약간 달라진 모양입니다.
<SangGyu Jeong>
Hi.
I'm sorry for late reply.
If you want to encrypt the dbspace where the existing data is stored, it would be better to restore it using ontape or onbar.
Of course, you need to set the DISK_ENCRYPTION of onconfig and generate an encryption key.
There are a lot of resources that can be helpful if you search the internet. For example:
https://www.oninitgroup.com/informix-storage-and-backup-encryption
The link below describes how to encrypt using onbar or ontape in the IBM Knowledge Center.
https://www.ibm.com/support/knowledgecenter/en/SSGU8G_14.1.0/com.ibm.sec.doc/ids_sec_027.htm
Please test it now rather than applying encryption directly to your operating system.
I hope this helps.
<???>
Thanks
But my database version is 14
I will do this :
Ontape -r -encrypt -t full_ backup
But an error occurs
EAR ERROR : Cannot load credentials .
ERROR : cannot find credentials/keystore file ' /data/informix/etc/dbtest_keystore.p12' .
14버전에서는 암호화를 하기전에 onkstore 유틸리티로 keystore 파일을 만들어야 합니다.
12버전에는 없는 유틸리티입니다. 사실 keystore 파일만 만들고 나면 그 이후의 과정은 동일합니다.
keystore를 별도의 위치에 두거나 하는 고려사항만 없다면 말이죠.
<SangGyu Jeong>
Ok .. I just followed the steps below.
1. 14.10 instance start:
oninit -v
2. generate keystore file:
onkstore -file my_keystore -type local -cipher aes128
3. Adding parameter in onconfig file:
DISK_ENCRYPTION keystore = my_keystore
4. Full backup:
ontape -s -L 0 -t.
5. 14.10 instance stop:
onmode -ky
6. Full restore:
ontape -p -encrypt -t.
7. checking the online.log file:
....
07/30/19 12:59:12 Clearing encrypted chunk 4 before restore ...
07/30/19 12:59:40 Checkpoint Completed: duration was 0 seconds.
07/30/19 12:59:40 Tue Jul 30 - loguniq 105, logpos 0x688278, timestamp: 0x3e10dd3 Interval: 146
....
07/30/19 12:59:40 Clearing encrypted chunk 5 before restore ...
07/30/19 13:00:03 Checkpoint Completed: duration was 0 seconds.
....
07/30/19 13:02:41 Bringing system to On-Line Mode with no Logical Restore.
07/30/19 13:02:42 On-Line Mode
8. checking dbspaces:
onstat -d
....
IBM Informix Dynamic Server Version 14.10.FC1 - On-Line - Up 00:08:27 - 2929288 Kbytes
Chunks
address chunk/dbs offset size free bpages flags pathname
4681a268 1 1 0 78848 60436 PO-B-D /work1/INFORMIX/1410FC1/storage/rootdbs
494f8028 2 2 0 32768 0 PO-BED /work1/INFORMIX/1410FC1/storage/ol_informix1410_plog_p_1
494f9028 3 3 0 47977 2144 PO-BED /work1/INFORMIX/1410FC1/storage/ol_informix1410_llog_p_1
494fa028 4 4 0 5046272 4726973 PO-BED /work1/informix_storage/1410FC1/ol_informix1410_datadbs1_p_1
494d6028 5 5 0 5046272 5046219 PO-BED /work2 /informix_storage/1410FC1/ol_informix1410_datadbs2_p_1
<SangGyu Jeong>
Sorry. The encrypted representation only appears in dbspaces flags.
IBM Informix Dynamic Server Version 14.10.FC1 - On-Line - Up 00:08:27 - 2929288 Kbytes
Dbspaces
address number flags fchunk nchunks pgsize flags owner name
4681a028 1 0x10000001 1 1 2048 N BAE informix rootdbs
469c90f0 2 0x11000001 2 1 2048 N PBAE informix plog
469c9330 3 0x10000001 3 1 2048 N BAE informix llog
469c9570 4 0x10000001 4 1 2048 N BAE informix datadbs1
469c97b0 5 0x10000001 5 1 2048 N BAE informix datadbs2
469c99f0 6 0x10000001 6 1 2048 N BAE informix datadbs3
469c9c30 7 0x10000001 7 1 8192 N BAE informix data8dbs1
493a2028 8 0x10000001 8 1 8192 N BAE informix data8dbs2
493a2268 9 0x10000001 9 1 8192 N BAE informix data8dbs3
493a24a8 10 0x10002001 10 1 8192 N TBAE informix tmpdbspace1
493a26e8 11 0x10002001 11 1 8192 N TBAE informix tmpdbspace2
493a2928 12 0x10002001 12 1 8192 N TBAE informix tmpdbspace3
493a2b68 13 0x10008001 13 1 2048 N SBAE informix sbspace1
493a2da8 14 0x1000a001 14 1 2048 N UBAE informix tmpsbspace
14 active, 2047 maximum
<???>
Okay
<???>
Thank you.
Done.
나름 훈훈한 결말이었습니다. 질문주신 분께 도움이 제대로 되었을지 모르겠네요.
참고
https://www.ibm.com/support/knowledgecenter/en/SSGU8G_14.1.0/com.ibm.sec.doc/ids_sec_028.htm
- Total
- Today
- Yesterday