
Page 1: IDUG Do you sleep well while your data's at rest - DB2

Do you sleep well while your data’s at rest?

DB2 Native Encryption is the remedy!

Michael Tiefenbacher, ids-System GmbH

Session Code: CX2

Date and Time of Presentation

Platform: DB2 LUW

Page 2

© Copyright by Michael Tiefenbacher

Session Objectives

• Introduction of the DB2 native encryption functionality
• Steps to encrypt databases, including creating a keystore and encrypting existing databases
• Encrypting backups for databases
• First experiences and results, including size and performance comparisons
• Potential traps and lessons learned

Page 3

Agenda

• Introduction
• Steps to encrypt databases
• Encrypt Backups
• First Experiences

Page 4

Highlights

• Transparent for Applications
  • No changes necessary
  • For Backups and Online Databases
  • At database level
• Characteristics
  • Based on Public Key Cryptography Standard #12 (PKCS#12)
  • NIST compliant use of cryptography (e.g. NIST SP 800-131)
  • FIPS 140-2 verified encryption libraries
  • Default encryption algorithm is AES 256
    • Others possible (3DES or AES-128)
• Available wherever DB2 is available

Page 5

What gets encrypted?

• All tablespaces
• All kinds of data (LOB, XML, etc.)
• Load copy and load files
• Transaction logs
• .bin dumpfiles
• Keys are kept encrypted in memory if not used
• NOT encrypted:
  • Data being read by an application
  • Exports

Page 6

Product Information

• Native Encryption
  • Introduced in DB2 10.5 FP5
  • Announced 20 January 2015
  • http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/6/872/ENUSAP15-0026/index.html&lang=en&request_locale=en
  • http://goo.gl/YQs9bF
• DB2 Encryption Offering before DB2 11.1
  • Part of Advanced Editions and Express-C
  • Optional component for ESE, WSE and Express
  • In DB2 11.1 it is included!

Page 7

Encryption Basics

• Symmetric Encryption
  • Encryption and decryption with the same key
  • Example: AES, 3DES
  • Native Encryption ONLY uses symmetric algorithms, because of their better performance and because they keep the size of the data unchanged
• Asymmetric Encryption
  • Public Key: encryption key
  • Private Key: decryption key
  • Example: RSA

Page 8

2-Tier Encryption Model

• Tier 1:
  • DEK: Data Encryption Key
  • This key is used to encrypt the data
  • It is stored in the database and in the backup
• Tier 2:
  • The DEK itself is encrypted with a Master Key (MK)
  • This is called Envelope Encryption
  • The MK is stored outside the database, in the PKCS12 keystore
  • Only the DB2 instance owner should have read/write access to the keystore
  • Reason: if a key needs to be changed, only the DEK needs to be re-encrypted, not all the data

Page 9

Architecture

[Diagram: Level 1 – the DEK (Data Encryption Key) is stored in the database together with the data; Level 2 – the MK (Master Key) that encrypts the DEK is stored in the PKCS12 keystore file; the stash file holds the keystore password in "obfuscated" form.]

Page 10

Global Security Kit

• GSKit: IBM Global Security Kit
  • Gets installed with DB2 (sqllib/gskit)
  • Its libraries are used by DB2
  • Command line: gsk8capicmd_64
• Keystore
  • Encrypted file which stores the encryption Master Keys
  • Can also store certificates for SSL connections
  • USER is responsible for backup and securing this file
  • Location suggestion: instance owner home directory
  • For PureScale it needs to be a shared location
  • Not part of the DB2 backup – separation is important

USER is responsible for file backups !!!

Page 11

Agenda

• Introduction
• Steps to encrypt databases
• Encrypt Backups
• First Experiences

Page 12

Create a Keystore

./sqllib/gskit/bin/gsk8capicmd_64 -keydb -create -db keystore.p12 -pw IDSsystem_Michael -strong -type pkcs12 -stash

• Path: add "_64" to the command name if needed
• -keydb -create: create keystore
• -pw with -strong: password rules are mixed case letters, special characters, min. 14 characters; otherwise CTGSK3048W The password is weak.
• -stash: store password (encrypted)

Resulting files (ls -l):

drwxr-xr-x 2 db2inst2 dasadm1 4096 21. Feb 14:54 bin
-rw-r--r-- 1 db2inst2 dasadm1 0 21. Feb 16:24 db2
-rw------- 1 db2inst2 dasadm1 0 21. Feb 16:35 keystore.p12
-rw------- 1 db2inst2 dasadm1 129 21. Feb 16:35 keystore.sth
drwxrwsr-t 22 db2inst2 dasadm1 4096 21. Feb 15:04 sqllib

Delete shell history afterwards !!!

Page 13

Adjust DB2 Configuration

• Instance Configuration
  • Can be changed online
  • Possibly SQL1362W One or more of the parameters submitted for immediate modification were not changed dynamically.
  • But a terminate is enough
• KEYSTORE_TYPE:
  • Before DB2 11.1: PKCS12
  • DB2 11.1: additionally Key Management Interoperability Protocol (KMIP) version 1.1

db2 update dbm cfg using keystore_type pkcs12 keystore_location /home/db2inst2/keystore.p12

Page 14

GSK Objects

• Master Key Label
  • Identification for keys
  • Use useful naming conventions
  • Instance name and DB name should be included
  • Default if the label is created by DB2: DB2_SYSGEN_<instance>_<database>_<timestamp>
  • Is recorded in the log
• Master Key
  • Is generated by DB2 (default)
  • Can be provided – binary file
  • DO NOT DELETE a master key once it has been used!
  • It can be needed for restores of older backups

Page 15

Master Key

• Manually created Master Keys and Labels are needed for
  • Encrypted backups of an unencrypted database
  • HADR – identical keys are needed for Primary and Secondary
  • Backups – if additional keys are used to transfer them to a test environment without disclosing the production keys
• Automatically created by DB2:
  • at CREATE DATABASE
  • Restoring into a new database
  • Rotating keys (more later)

Page 16

Create Master Key

• Can be created automatically at database creation time
  • if the MASTER KEY LABEL option is not used
• Needs to be created manually and needs to be specified for creating encrypted backups of unencrypted databases
  • In the BACKUP command
  • or in the DB CFG

./sqllib/gskit/bin/gsk8capicmd_64 -secretkey -add -db keystore.p12 -stashed -label mylabel -file mysecretfile

• -secretkey -add: add a key
• -db keystore.p12 -stashed: needs to match the keystore creation
• -label: a naming concept with instance and DB name is useful
• -file: see next page

Page 17

Create Secret File

• File
  • Needs to be binary
  • With the size of the encryption key
  • Should be as random as possible
  • Remove it after use

dd if=/dev/urandom of=mysecretfile bs=32 count=1
chmod 600 mysecretfile

• if=/dev/urandom: random generator
• of=mysecretfile: output file
• bs=32 count=1: 32 Byte = 256 Bit
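The secret file above is created in two steps, which leaves a short window in which it is world-readable, and nothing checks that the key really has the size the cipher expects. The following script is an added example, not part of the presentation: it derives the byte count from the key length, creates the file with a restrictive umask so it is 0600 from the start, verifies the size and removes the file afterwards, as the slide advises. The accepted key lengths (128, 192, 256 bits) are the AES lengths the slides list; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the presentation): create a random master-key
# secret file of exactly key-length/8 bytes, readable only by the creating
# user, and verify its size before it is handed to "gsk8capicmd_64 -secretkey".
# Assumption: /dev/urandom exists; only the AES key lengths from the slides
# (128, 192, 256 bits) are accepted.

# make_secret_file PATH BITS -> prints the byte count written and returns 0;
# returns 1 on an unsupported key length or a short/failed write.
make_secret_file() {
    path=$1
    bits=$2
    case "$bits" in
        128|192|256) ;;
        *) echo "unsupported key length: $bits" >&2; return 1 ;;
    esac
    bytes=$((bits / 8))
    # umask 077 in a subshell makes the file 0600 the moment it exists, so a
    # separate chmod and the window before it are not needed.
    (umask 077 && dd if=/dev/urandom of="$path" bs="$bytes" count=1 2>/dev/null) || return 1
    # A short read from the random source would yield a key that is shorter
    # than the cipher expects, so check the size explicitly.
    actual=$(wc -c < "$path" | tr -d ' ')
    if [ "$actual" -ne "$bytes" ]; then
        echo "expected $bytes bytes, got $actual" >&2
        rm -f "$path"
        return 1
    fi
    echo "$actual"
}

# secret_file_mode PATH -> prints the 10-character permission string from ls
secret_file_mode() {
    ls -ld "$1" | cut -c1-10
}

# Demonstration: create, inspect and remove the file again.
tmpdir=$(mktemp -d)
make_secret_file "$tmpdir/mysecretfile" 256
secret_file_mode "$tmpdir/mysecretfile"
rm -f "$tmpdir/mysecretfile"
rmdir "$tmpdir"
```

The file is only needed for the one `gsk8capicmd_64 -secretkey -add` call; after the key is in the keystore, the script deletes it, because a copy of the raw master key outside the keystore defeats the two-tier model.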

Page 18

Stashfile

• Stores the keystore password in an "obfuscated" way
• Can automatically provide the password
• The stash file (<keystore>.sth) must be accessible only for the instance owner
  • It needs the same security as the keystore itself!
• Encrypted databases are only accessible with the keystore password
• Without a stash file
  • the password for the keystore needs to be specified when starting the instance

db2start open keystore using <keystore-password>
db2start open keystore passarg filename:<file>
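Pages 12 and 18 both insist that keystore and stash file are owned by the instance owner and readable by nobody else. The script below is an added example, not from the presentation: a small audit that applies exactly those two rules to a keystore and its stash file, so it can run from cron or before `db2start`. It assumes the stash file sits beside the keystore with the `.sth` extension shown on the slides, and the demonstration uses constructed empty files in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the presentation): audit a PKCS#12 keystore and its
# stash file. Both must exist, be regular files, be owned by the expected
# instance owner and have mode 0600, which is what the slides require.
# Assumption: the stash file is <keystore basename>.sth next to the keystore.

# file_owner PATH -> owning user as printed by ls -l
file_owner() {
    ls -ld "$1" | awk '{print $3}'
}

# file_mode PATH -> 10-character permission string, e.g. -rw-------
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# check_private_file PATH OWNER -> 0 if PATH is a regular file owned by OWNER
# with mode exactly -rw-------; otherwise prints the reason and returns 1.
check_private_file() {
    f=$1
    want=$2
    [ -f "$f" ] || { echo "$f: missing"; return 1; }
    mode=$(file_mode "$f")
    [ "$mode" = "-rw-------" ] || { echo "$f: mode is $mode, expected -rw-------"; return 1; }
    owner=$(file_owner "$f")
    [ "$owner" = "$want" ] || { echo "$f: owned by $owner, expected $want"; return 1; }
    echo "$f: ok"
}

# check_keystore KEYSTORE OWNER -> 0 only if keystore AND stash file pass.
# Both files are checked even if the first one fails, so all findings show.
check_keystore() {
    ks=$1
    owner=$2
    stash="${ks%.*}.sth"
    rc=0
    check_private_file "$ks" "$owner" || rc=1
    check_private_file "$stash" "$owner" || rc=1
    return $rc
}

# Demonstration on constructed files in a temporary directory.
me=$(id -un 2>/dev/null || id -u)
tmp=$(mktemp -d)
: > "$tmp/keystore.p12"
: > "$tmp/keystore.sth"
chmod 600 "$tmp/keystore.p12" "$tmp/keystore.sth"
check_keystore "$tmp/keystore.p12" "$me"          # both ok
chmod 644 "$tmp/keystore.sth"                     # simulate a too-open stash file
check_keystore "$tmp/keystore.p12" "$me" || echo "fix permissions before db2start"
rm -rf "$tmp"
```

A group-readable stash file is as bad as a group-readable keystore: whoever can read both can open the keystore without the password, which is why the check treats the two files identically.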

Page 19

Create Database – Standard

• Encryption settings appear in the DB CFG
• Master Key is automatically added to the keydb

db2 create db dbenc encrypt

db2inst2@sles11sp2:~> ll
-rw------- 1 db2inst2 dasadm1 3454 21. Feb 17:48 keystore.p12
-rw------- 1 db2inst2 dasadm1 129 21. Feb 16:48 keystore.sth

Encryption Library for Backup (ENCRLIB) = libdb2encr.so
Encryption Options for Backup (ENCROPTS) = CIPHER=AES:MODE=CBC:KEY LENGTH=256
Encrypted database = YES

Page 20

Create Database – Individually

• Encryption technique can be chosen individually
• Label identifies the master key in the keystore

db2 create db dbenc encrypt cipher aes key length 128 master key label mklabel

• cipher: AES or 3DES
• key length: 128, 168, 192, 256
• master key label: if not specified it gets created automatically; if specified it has to exist in advance

Page 21

Encryption of Existing Databases

• Cannot be done in place
• Can be achieved by restoring a database into a new one

db2 restore db sample from /diskb/backup taken at 20150221181051 into senc encrypt
DB20000I The RESTORE DATABASE command completed successfully.

Encryption Library for Backup (ENCRLIB) = libdb2encr.so
Encryption Options for Backup (ENCROPTS) = CIPHER=AES:MODE=CBC:KEY LENGTH=256
Encrypted database = YES

Page 22

Agenda

• Introduction
• Steps to encrypt databases
• Encrypt Backups
• First Experiences

Page 23

Backup Encryption – Standard

• Depends on DB CFG ENCRLIB and ENCROPTS
  • If set, every backup gets encrypted
  • Is set automatically for encrypted databases
• Library:
  • Unix: libdb2encr.so
  • AIX: libdb2encr.a
  • Win: db2encr.dll
• Library for Compression and Encryption
  • Unix: libdb2compr_encr.so
  • AIX: libdb2compr_encr.a
  • Win: db2compr_encr.dll
• Defaults:
  • Unencrypted database => Backup unencrypted
  • Encrypted database => Backup encrypted

Backup encryption is INDEPENDENT of the encryption of the database

Page 24

Backup Encryption

• Encryption of backups for unencrypted databases
• Prerequisite: a master key with master key label has to exist in the keystore
• Option 1: ENCRLIB and ENCROPTS set in DB CFG
  • durable default
• Option 2: options ENCRLIB and ENCROPTS in the BACKUP command
  • Encryption of a single backup

Page 25

Option 1: DB CFG – ENCRLIB

• ENCRLIB
  • Only SECADM can configure it
  • IMPORTANT: Therefore a database connection is necessary to change it
    • otherwise SQL6112 RC 14
  • Path to the encryption library
    • Encryption: libdb2encr.so (Unix), libdb2encr.a (AIX), db2encr.dll (Win)
    • Encryption & Compression: libdb2compr_encr.so (Unix), libdb2compr_encr.a (AIX), db2compr_encr.dll (Win)
  • If set, backups are encrypted

db2 "update db cfg for test using encrlib /home/db2inst2/sqllib/lib64/libdb2encr.so"

Encryption Library for Backup (ENCRLIB) = /opt/ibm/db2/V10.5/lib64/libdb2encr.so.1

The path is expanded: the DB CFG shows the resolved library path, not the one given in the command.

Page 26

Option 1: DB CFG – ENCROPTS

• ENCROPTS
  • Only SECADM can change it
  • IMPORTANT: Therefore a database connection is necessary to change it - otherwise SQL6112 RC 14
  • All parts are optional and are separated with ":"
  • Structure: Cipher=cipher-name:Mode=mode-name:Key Length=key-length:Master Key Label=label-name-1...:Master Key Label=label-name-n
  • If set, they will be used
  • They cannot get overwritten by any options of the backup command

db2 "update db cfg for test using encropts 'Cipher=AES:Key Length=256:Master Key Label=MKL_TestDB'"

Encryption Options for Backup (ENCROPTS) = Cipher=AES:Key Length=256:Master Key Label=MKL_TestDB
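Because ENCROPTS is a free-form string and, once set in the DB CFG, cannot be overridden by the BACKUP command, a typo in it is discovered at backup time at the earliest. The following validator is an added example, not from the presentation: it splits the string on ":" as the slide describes, fills in the defaults the deck shows (AES, CBC, 256 bits) for parts that are omitted, and rejects cipher/key-length combinations outside the ones the slides list (AES 128/192/256, 3DES 168). The rule set and the function name are this example's own assumptions, not a documented DB2 check.

```shell
#!/bin/sh
# Added example (not from the presentation): parse and validate an ENCROPTS
# string before it goes into "update db cfg" or a BACKUP command.
# Format (from the slide): "Name=value" parts separated by ":"; all optional.
# Accepted values are an assumption of this example, taken from the deck:
# Cipher AES (128/192/256) or 3DES (168), Mode CBC, any number of labels.

# validate_encropts STRING -> prints "cipher=.. keylen=.. mode=.. labels=N"
# and returns 0 if well-formed; prints the problem and returns 1 otherwise.
validate_encropts() {
    opts=$1
    cipher=""; keylen=""; mode=""; labels=0
    # Split on ":" only, so the space inside "Key Length" survives; disable
    # globbing so a label containing "*" is not expanded against the cwd.
    oldifs=$IFS
    set -f
    IFS=:
    for part in $opts; do
        IFS=$oldifs
        name=$(printf '%s' "${part%%=*}" | tr 'a-z' 'A-Z' | tr -d ' ')
        value=${part#*=}
        case "$name" in
            CIPHER)         cipher=$(printf '%s' "$value" | tr 'a-z' 'A-Z') ;;
            MODE)           mode=$(printf '%s' "$value" | tr 'a-z' 'A-Z') ;;
            KEYLENGTH)      keylen=$value ;;
            MASTERKEYLABEL) labels=$((labels + 1)) ;;
            *) IFS=$oldifs; set +f; echo "unknown option part: $part"; return 1 ;;
        esac
    done
    IFS=$oldifs
    set +f
    # Defaults as shown on page 19 of the deck: CIPHER=AES:MODE=CBC:KEY LENGTH=256
    : "${cipher:=AES}"
    : "${mode:=CBC}"
    [ "$mode" = "CBC" ] || { echo "unsupported mode: $mode"; return 1; }
    case "$cipher:$keylen" in
        AES:|AES:128|AES:192|AES:256) : "${keylen:=256}" ;;
        3DES:|3DES:168)               : "${keylen:=168}" ;;
        *) echo "key length '$keylen' is not valid for cipher $cipher"; return 1 ;;
    esac
    echo "cipher=$cipher keylen=$keylen mode=$mode labels=$labels"
}

# Demonstration with the strings from the slides.
validate_encropts 'Cipher=AES:Key Length=256:Master Key Label=MKL_TestDB'
validate_encropts 'Master Key Label=MKL_SampleDB'
validate_encropts 'Cipher=AES:Key Length=168' || echo "rejected, as intended"
```

Run it against the value you are about to put into `update db cfg`; a non-zero exit means the string would not describe a usable AES or 3DES configuration.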

Page 27

Option 1: Backup Command

Encryption Library for Backup (ENCRLIB) = /opt/ibm/db2/V10.5/lib64/libdb2encr.so.1
Encryption Options for Backup (ENCROPTS) = Cipher=AES:Key Length=256:Master Key Label=MKL_TestDB
Encrypted database = NO

db2 backup db test to /diskb/backup

Only for backups - does not relate to the database itself!

Page 28

Option 2: Backup Command

Encryption Library for Backup (ENCRLIB) =
Encryption Options for Backup (ENCROPTS) =
Encrypted database = NO

db2 "backup db sample to /diskb/backup encrypt encrlib '/home/db2inst2/sqllib/lib64/libdb2encr.so' encropts 'Master Key Label=MKL_SampleDB'"

• Will only work with no encryption settings in the DB CFG
• Mind the quotes

Page 29: IDUG Do you sleep well while your data's at rest - DB2

© Copyright by Michael Tiefenbacher

Check Backup – db2ckbkpdb2ckbkp -h /diskb/backup/DBENC.0.db2inst2.DBPART000.20150221181128.001

=====================

MEDIA HEADER REACHED:

=====================

Server Database Name -- DBENC

Server Database Alias -- DBENC

Backup Mode -- 0 (Offline)

Includes Logs -- 0 (No)

Compression -- 2 (Encrypted)

Backup Type -- 0 (Database-level)

Backup Buffer Size -- 4460544 (1089 4K pages)

Number of Sessions -- 1

Platform -- 0x1E (Linux-x86-64)

Encrypt Info Flags -- 0x1

Source DB was encrypted

The proper image file name would be:

DBENC.0.db2inst2.DBPART000.20150221181128.001

[1] Buffers processed: ############################

Image Verification Complete - successful.

or 4 (User Defined Library)

Will be changed

in FP 6

References

the database

– not the

backup

Compression and encryption are

both backup libraries

29
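The two header fields annotated above answer different questions: "Compression" tells you which backup library wrote the image, "Encrypt Info Flags" tells you about the source database. The script below is an added example, not from the presentation, that reads a `db2ckbkp -h` header and reports both separately, so a restore runbook can verify that an image that is supposed to be encrypted actually is. The header text is constructed from the slide's output; the meaning of values 2 and 4 is taken from the slide, everything else (e.g. treating any other value as "not written by the encryption library") is this example's assumption.

```shell
#!/bin/sh
# Added example (not from the presentation): classify a backup image from the
# media header that "db2ckbkp -h" prints. Per the slide, "Compression -- 2"
# means the image was written by the encryption library (4 = user-defined
# library, the value the slide says FP 6 changes to), while
# "Encrypt Info Flags -- 0x1" describes the SOURCE database, not the image.
# SAMPLE_HEADER is constructed from the slide, not captured from a system.

SAMPLE_HEADER='=====================
MEDIA HEADER REACHED:
=====================
Server Database Name -- DBENC
Server Database Alias -- DBENC
Backup Mode -- 0 (Offline)
Includes Logs -- 0 (No)
Compression -- 2 (Encrypted)
Backup Type -- 0 (Database-level)
Number of Sessions -- 1
Platform -- 0x1E (Linux-x86-64)
Encrypt Info Flags -- 0x1
Source DB was encrypted'

# header_field HEADER NAME -> first token after "NAME -- ", empty if absent
header_field() {
    printf '%s\n' "$1" | sed -n "s/^$2 -- \([^ ]*\).*/\1/p" | head -n 1
}

# image_encryption HEADER -> "encrypted", "user-library", "not-encrypted",
# or "unknown" (returns 1) when the Compression field is missing.
image_encryption() {
    c=$(header_field "$1" "Compression")
    case "$c" in
        2)  echo "encrypted" ;;
        4)  echo "user-library" ;;   # ENCRLIB decides whether this encrypts
        "") echo "unknown"; return 1 ;;
        *)  echo "not-encrypted" ;;  # assumption: no encryption library involved
    esac
}

# source_db_encrypted HEADER -> 0 if bit 0 of Encrypt Info Flags is set
source_db_encrypted() {
    flags=$(header_field "$1" "Encrypt Info Flags")
    [ -n "$flags" ] || return 1
    [ $(( flags & 1 )) -eq 1 ]
}

# Demonstration on the constructed header.
echo "image: $(image_encryption "$SAMPLE_HEADER")"
if source_db_encrypted "$SAMPLE_HEADER"; then
    echo "source database was encrypted"
else
    echo "source database was not encrypted"
fi
```

To use it on a real image, capture `db2ckbkp -h <image>` into a variable and pass that instead of `SAMPLE_HEADER`; an image from an unencrypted database backed up with Option 1 or 2 reports `encrypted` for the image and "not encrypted" for the source, which is exactly the combination the slides describe.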

Page 30

Changing Passwords

[Diagram as on page 9 (data, database with DEK, PKCS12 keystore with MK, stash file), annotated:]
• DEK cannot be changed
• MK can be "rotated"
• Password to keystore can be changed with gsk8capicmd

Page 31

Rotate Master Key

• ADMIN_ROTATE_MASTER_KEY procedure
  • LABEL can be specified
  • Otherwise the default is used
  • Master Key Label has to exist in the keystore
  • DPF: all partitions have to be active

db2 connect to dbenc
db2 "call admin_rotate_master_key('MKL_dbencDB')"

Value of output parameters
--------------------------
Parameter Name : LABEL
Parameter Value : MKL_dbencDB

Return Status = 0

It is the Master Key that is rotated, NOT the password of the keystore

Page 32

Change Keystore Password

• gsk8capicmd_64 with "-changepw" option
  • -db <keystore> is needed
  • -stash is needed if the keystore has been created with this option
  • Will prompt for the current password
    • alternatively "-pw" could be used

./sqllib/gskit/bin/gsk8capicmd_64 -keydb -changepw -db keystore.p12 -new_pw IDS_Michael -stash

Important: Backup keystore & stash file and document the change!

Page 33

Encryption Info

• ADMIN_GET_ENCRYPTION_INFO table function
  • Returns information about encryption
    • Encryption algorithm
    • Keystore information
    • Rotation time
    • etc.
• db2pd with -encryptioninfo option

db2 "select * from table(admin_get_encryption_info())"
db2pd -d db2encr -encryptioninfo

Page 34

Restore

• Restore of an encrypted database
  • The ENCRYPT option needs to be specified with the RESTORE command
  • A different encryption algorithm can be specified
  • Otherwise an error message is returned
• In case an encrypted database should be restored unencrypted, the "NO ENCRYPT" option has to be specified

db2 restore db dbenc from /diskb/backup/ taken at … encrypt

Page 35

Restore Option – Part 1/3

• The RESTORE command was extended
  • Option: SHOW MASTER KEY DETAILS
  • Extracts encryption details to a file in the db2dump folder
  • Only header information is read from the backup image

This option is NOT part of the RESTORE syntax (in the Knowledge Center) as it depends on the library used – and it only works with the default DB2 native encryption library.

Page 36

Comment on slide 35 (m1, mitiids01, 15.07.2015)

Page 37

Restore Option – Part 2/3

ATTENTION:
• The notification that the database gets overwritten can be answered with yes – it will not be overwritten!
• If it is a non-existent database, a skeleton database will be created that needs to be dropped afterwards
• If the backup image is NOT encrypted, your database gets overwritten!

db2 "restore db dbenc from /diskb/backup/ taken at 20150222145226 encropts 'show master key details'"
SQL2539W The specified name of the backup image to restore is the same as the name of the target database. Restoring to an existing database that is the same as the backup image database will cause the current database to be overwritten by the backup version.
Do you want to continue ? (y/n) y
DB20000I The RESTORE DATABASE command completed successfully.

Page 38

Restore Option – Part 3/3

db2inst2@sles11sp2:~/sqllib/db2dump> more DBENC.0.db2inst2.DBPART000.20150222145226.masterKeyDetails
KeyStore Type: PKCS12
KeyStore Location: /home/db2inst2/keystore.p12
KeyStore Host Name: sles11sp2.site
KeyStore IP Address: 127.0.0.2
KeyStore IP Address Type: IPV4
Encryption Algorithm: AES
Encryption Algorithm Mode: CBC
Encryption Key Length: 256
Master Key Label: DB2_SYSGEN_db2inst2_DBENC_2015-02-21-17.48.54
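The practical use of the masterKeyDetails file is a pre-flight check before a restore on another server (the test-environment and HADR cases from page 15): does the local keystore hold the label the image was encrypted under? The script below is an added example, not from the presentation. The details text is constructed from the slide; the keystore listing is a constructed stand-in for the output of `gsk8capicmd_64 -cert -list -db keystore.p12 -stashed` from page 54, and the example only assumes one label per line with optional leading marker characters, not any particular layout of that command's real output.

```shell
#!/bin/sh
# Added example (not from the presentation): read the Master Key Label that
# RESTORE ... 'show master key details' wrote to <image>.masterKeyDetails and
# check it against the labels present in the local keystore.
# DETAILS is constructed from the slide; LOCAL_KEYSTORE_LABELS is a
# constructed stand-in for a "gsk8capicmd_64 -cert -list" listing.

DETAILS='KeyStore Type: PKCS12
KeyStore Location: /home/db2inst2/keystore.p12
KeyStore Host Name: sles11sp2.site
KeyStore IP Address: 127.0.0.2
KeyStore IP Address Type: IPV4
Encryption Algorithm: AES
Encryption Algorithm Mode: CBC
Encryption Key Length: 256
Master Key Label: DB2_SYSGEN_db2inst2_DBENC_2015-02-21-17.48.54'

LOCAL_KEYSTORE_LABELS='DB2_SYSGEN_db2inst2_DBENC_2015-02-21-17.48.54
MKL_TestDB
MKL_SampleDB'

# details_field TEXT NAME -> value of the "NAME: value" line (empty if absent)
details_field() {
    printf '%s\n' "$1" | sed -n "s/^$2: *//p" | head -n 1
}

# required_label TEXT -> the Master Key Label the backup image needs
required_label() {
    details_field "$1" "Master Key Label"
}

# label_in_keystore LABEL LISTING -> 0 if LABEL is a whole line of LISTING
# after stripping leading marker characters (#, *, !, -) and whitespace.
label_in_keystore() {
    printf '%s\n' "$2" | sed 's/^[-#*! ]*//; s/^[[:space:]]*//' | grep -qxF -- "$1"
}

# restore_precheck DETAILS LISTING -> prints the verdict; 0 = safe to restore
restore_precheck() {
    label=$(required_label "$1")
    [ -n "$label" ] || { echo "no Master Key Label in details file"; return 1; }
    alg="$(details_field "$1" "Encryption Algorithm")-$(details_field "$1" "Encryption Key Length")"
    if label_in_keystore "$label" "$2"; then
        echo "ok: $label ($alg) is in the local keystore, RESTORE ... ENCRYPT can proceed"
    else
        echo "missing: $label ($alg) - export it from the source keystore and import it first"
        return 1
    fi
}

# Demonstration on the constructed inputs.
restore_precheck "$DETAILS" "$LOCAL_KEYSTORE_LABELS"
```

On a real system, feed it the file from `~/sqllib/db2dump` and the listing from the gsk8capicmd list command; a "missing" verdict means the export/import round trip from page 54 has to happen before the restore, not after it fails.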

Page 39

HADR Support

• Primary and standby will be encrypted
  • There is a possibility to encrypt only one, but this could be problematic
• Secondary is created with a restore of the primary backup – with encryption option
• MK needs to be created manually and needs to be imported into both keystores
  • Via export and import

[Diagram: primary server and standby server, HADR over TCP/IP]

Page 40

PureScale Support

• Keystore must be accessible for all members
  • shared location
• PureScale and DPF can communicate the password internally

Page 41

Agenda

• Introduction
• Steps to encrypt databases
• Encrypt Backups
• First Experiences

Page 42

Further Effects

• Database size is (nearly) unchanged
• Backup size is a little bigger (according to the lab)
  • Backup buffers get encrypted and this could lead to a small increase in size – up to the block size of the algorithm (16 bytes for AES).
  • => see tests
• BACKUP of an encrypted database
  • The COMPRESS option will no longer work
    • Attention: no feedback in the command
    • No visible annotation in the db2diag.log
  • In the command no other library can be specified if ENCRLIB is configured in the DB CFG
    • SQL2459 RC1
    • For example, if libdb2encr.so is configured, the backup cannot be compressed

Page 43

Hardware Support

• Performance optimization through HW support
  • Difference is about 5 %
  • Only Intel is supported so far
• The following CPUs support AES encryption
  • Intel Westmere based processors, specifically:
    • Intel Westmere-EP (Xeon 56xx) processors
    • Intel Clarkdale processors (except Core i3)
    • Intel Arrandale processors (except Core i3, Core i5-4XXM)
  • Intel Sandy Bridge processors:
    • Desktop: all except Pentium, Celeron, Core i3
    • Mobile: all Core i7 and Core i5
  • Intel Ivy Bridge processors - all i5, i7, Xeon and i3-2115C only
  • Intel Haswell processors (all except i3-4000m, Pentium and Celeron)

Page 44

Hardware Support

db2inst1@test-verschluesselung:~> cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 44
model name : Intel(R) Xeon(R) CPU L5630 @ 2.13GHz
stepping : 2
cpu MHz : 1600.000
cache size : 12288 KB
flags : fpu vme de pse tsc msr pae mce cx8 apic nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm dca sse4_1 sse4_2 popcnt aes lahf_lm ida arat tpr_shadow vnmi flexpriority ept vpid

Page 45

Hardware Support – db2diag.log

2015-08-11-18.00.37.527985+120 I218912E683 LEVEL: Info
PID : 18079 TID : 140070820505344 PROC : db2sysc 0
INSTANCE: db2inst1 NODE : 000 DB : DBE
APPHDL : 0-7 APPID: 192.168.30.27.63432.150811160037
HOSTNAME: test-verschluesselung
EDUID : 24 EDUNAME: db2agent (DBE) 0
FUNCTION: DB2 Common, Cryptography, cryptContextRealInit, probe:1271
DATA #1 : String, 37 bytes
CPU flags(string): 0x029ee3ffffebfbff
DATA #2 : String, 37 bytes
CPU flags(Uint64): 0x029EE3FFFFEBFBFF
DATA #3 : String, 32 bytes
Intel AES-NI capability detected
DATA #4 : String, 37 bytes
Intel RDrand capability not available

With diaglevel 4, AES support is reported in the db2diag.log on activation of the database
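Pages 44 and 45 give two independent signals for hardware AES: the `aes` flag in /proc/cpuinfo and the "Intel AES-NI capability detected" line DB2 logs at DIAGLEVEL 4. The script below is an added example, not from the presentation, that checks both and reports whether the roughly 5 % the deck attributes to hardware support can be expected, or whether the CPU has the instruction but DB2 did not report it (for example because the diag level was too low when the database was activated). Both inputs are constructed from the slides; on a real host pass the contents of /proc/cpuinfo and db2diag.log instead.

```shell
#!/bin/sh
# Added example (not from the presentation): detect hardware AES support from
# /proc/cpuinfo-style text and from db2diag.log text, as shown on the slides.
# Both samples below are constructed from the slides, not captured live.

CPUINFO_SAMPLE='processor : 0
vendor_id : GenuineIntel
model name : Intel(R) Xeon(R) CPU L5630 @ 2.13GHz
flags : fpu vme de pse tsc msr pae mce cx8 apic nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm dca sse4_1 sse4_2 popcnt aes lahf_lm ida arat tpr_shadow vnmi flexpriority ept vpid'

DIAG_SAMPLE='FUNCTION: DB2 Common, Cryptography, cryptContextRealInit, probe:1271
DATA #3 : String, 32 bytes
Intel AES-NI capability detected
DATA #4 : String, 37 bytes
Intel RDrand capability not available'

# cpu_has_aes TEXT -> 0 if EVERY "flags" line lists "aes" as a whole word.
# Whole-word matching avoids false hits such as "vaes" or module names.
cpu_has_aes() {
    n=$(printf '%s\n' "$1" | grep -c '^flags' || true)
    [ "$n" -gt 0 ] || return 1
    m=$(printf '%s\n' "$1" | grep '^flags' | grep -cE '(^|[[:space:]])aes([[:space:]]|$)' || true)
    [ "$m" -eq "$n" ]
}

# db2_reports_aesni TEXT -> 0 if the crypto initialisation logged AES-NI
db2_reports_aesni() {
    printf '%s\n' "$1" | grep -q 'Intel AES-NI capability detected'
}

# hw_aes_status CPUINFO DIAG -> "hw-aes", "cpu-only" or "software"
hw_aes_status() {
    if cpu_has_aes "$1" && db2_reports_aesni "$2"; then
        echo "hw-aes"          # CPU flag present and DB2 confirmed using it
    elif cpu_has_aes "$1"; then
        echo "cpu-only"        # flag present, but no DB2 confirmation in the log
    else
        echo "software"        # encryption will run without AES-NI
    fi
}

# Demonstration on the constructed samples.
hw_aes_status "$CPUINFO_SAMPLE" "$DIAG_SAMPLE"
```

A `cpu-only` result is the one worth acting on: either the database was activated with a lower diag level than 4, so the line was never written, or DB2's own detection disagrees with the CPU flag, which is worth a closer look before attributing a performance gap to encryption.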

Page 46

Test – Size & Backupsize

Case  Measurement          Unencrypted DB                 Encrypted DB                   Difference
1     GET_DBSIZE_INFO      22665424896 Bytes (21.11 GB)   22665424896 Bytes (21.11 GB)   0%
1     Backup uncompressed  22721929216 Bytes (21.16 GB)   22705147904 Bytes (21.15 GB)   0.08%
1     Backup compressed    10253414400 Bytes (9.55 GB)    10354102272 Bytes (9.64 GB)    0.98%
2     GET_DBSIZE_INFO      89.3 GB                        89.3 GB                        0%
2     Backup uncompressed  89.21 GB                       89.12 GB                       0.1%

• Database with benchmark tables and data
• Scenario 1: Regular and BLU tables
• Scenario 2: Regular tables

Page 47

Test – Performance

Case  Operation  Unencrypted DB  Encrypted DB  Difference
1     CREATEs    00:00:12        00:00:12      0%
1     Load       06:55:30        07:08:09      +3.1%
1     Runstats   00:28:30        00:29:50      +4.5%
1     Selects    02:34           02:50         +10.4%

• TPC-H Benchmark 100GB

Page 48

Test – Performance

• TPC-H Benchmark 100GB

[Chart: SQL Runtime, DB unencrypted vs. DB encrypted, each without AES support and with AES support; y-axis runtime from 00:00:00 to 03:50:24]

Page 49

Test – Performance

[Chart: System Summary of test-verschluesselung, 03.10.2015 – CPU% (usr% + sys%, 0 to 100) and Disk xfers (IO/sec, 0 to 8000) over the time of day from 01:59 to 23:36]

Page 50

Debugging

• Error messages are often quite unspecific
  • SQL6112N The configuration parameter was not updated because the resulting configuration parameter settings would not be valid. Reason code "14"
  • => Connect to DB is missing, e.g. to change ENCRLIB
• Look into db2diag.log for error messages
  • e.g. something is wrong with the libraries
  • Error messages are more specific here
• In case of a support case, IBM ensured that the master key never needs to be sent
  • If needed, encrypted debug files will be decrypted with a separate local tool and sent unencrypted

Page 51

Further Information

• Knowledge Center
  • http://www-01.ibm.com/support/knowledgecenter/SSEPGG_10.5.0/com.ibm.db2.luw.admin.sec.doc/doc/t0061766.html?lang=en
• GS User Guide
  • http://www-01.ibm.com/support/docview.wss?uid=swg27038855
• Walid Rjaibi about Native Encryption
  • http://www.ibmbluhub.com/wr_db2-native-encryption-video/
• IDUG Tech Talk by Greg Stager
  • http://www.idug.org/p/cm/ld/fid=582

Page 52

Further Information

• Encrypting Data Values in DB2 Universal Database
  • http://www.ibm.com/developerworks/data/library/techarticle/benfield/0108benfield.html
• I encrypted my database! How do I manage my master keys now?
  • http://www.ibm.com/developerworks/data/library/techarticle/dm-1504-master-encrypted-keys/index.html
• DB2 Nightshow #157: DB2 LUW 10.5 FP5 New Encryption with George Baklarz
  • http://www.dbisoftware.com/blog/db2nightshow.php?id=608
• Presentation also available as PDF with lots of annotations and extra slides.

Page 53

Michael Tiefenbacher, ids-System GmbH
[email protected]
Twitter: globomike

CX2
Do you sleep well while your data’s at rest? DB2 Native Encryption is the remedy!

Please fill out your session evaluation before leaving!

Page 54

Further Command Examples

• List master keys:
  gsk8capicmd_64 -cert -list -db keystore.p12 -stashed
• Export and import master keys:
  gsk8capicmd_64 -cert -export -db keystore.p12 -stashed -label MKL_db -target ~/db2/exportedkey.p12 -target_type pkcs12 -target_pw Str0ngPassw0rd
  gsk8capicmd_64 -cert -import -db keystore.p12 -stashed -pw Str0ngPassw0rd -label MKL_db -target ~/db2/db2keys.p12 -target_type pkcs12