Implications of Data Encryption for Database Design and Operations
When an encrypted database is created, an AES key is created. The AES key—not the passphrase—controls the encrypted binary representation of data and is stored in the catalog.
The passphrase is used to derive another AES key (not stored), which secures the catalog-stored AES key. The passphrase is essentially a lockbox for the encrypted AES key.
The fact that there is one AES key that encrypts the user data and another passphrase-derived key that protects the first AES key has the following implications for database design and operations:
• When the passphrase is changed, database backups before this point in time must be accessed using the old passphrase. Subsequent backups must be accessed using the new passphrase.
• When the passphrase is changed, the catalog-stored key is decrypted with the key derived from the old passphrase, re-encrypted with the key derived from the new passphrase, and then replaced in the catalog. The user data is not re-encrypted, because only the passphrase has changed and the AES key that encrypts the user data has not.
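The two-key arrangement and both implications above, as an added Node.js example (not code from the product or its documentation). PBKDF2-SHA256, AES-256-GCM, the iteration count and every function name are assumptions, as is the premise that a backup carries the catalog entry as it stood when the backup was taken.

```javascript
const crypto = require('crypto');

// Assumed for this sketch: PBKDF2-SHA256 as the derivation, AES-256-GCM as the cipher.
// The passphrase-derived key is computed on demand and never stored.
const deriveKey = (passphrase, salt) => crypto.pbkdf2Sync(passphrase, salt, 100000, 32, 'sha256');

function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  return Buffer.concat([iv, c.update(plaintext), c.final(), c.getAuthTag()]);
}

function unseal(key, blob) { // throws if the key is wrong or the blob was altered
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(blob.length - 16));
  return Buffer.concat([d.update(blob.subarray(12, blob.length - 16)), d.final()]);
}

// Hypothetical catalog entry: a salt plus the data key encrypted under the derived key.
function wrapDataKey(passphrase, dataKey) {
  const salt = crypto.randomBytes(16);
  return { salt, wrapped: seal(deriveKey(passphrase, salt), dataKey) };
}

const unwrapDataKey = (passphrase, entry) => unseal(deriveKey(passphrase, entry.salt), entry.wrapped);

// Passphrase change: decrypt the stored key with the old passphrase, re-encrypt with the new.
const changePassphrase = (entry, oldPass, newPass) =>
  wrapDataKey(newPass, unwrapDataKey(oldPass, entry));

// Constructed scenario: one encrypted row, a backup, then a passphrase change.
function demo() {
  const dataKey = crypto.randomBytes(32);
  const db = { catalog: wrapDataKey('old-passphrase', dataKey), rows: seal(dataKey, 'acct=1001') };
  const backup = { ...db }; // backup holds the catalog entry and data as they were
  db.catalog = changePassphrase(db.catalog, 'old-passphrase', 'new-passphrase'); // rows untouched
  const read = (d, pass) => {
    try { return unseal(unwrapDataKey(pass, d.catalog), d.rows).toString(); } catch { return null; }
  };
  return {
    liveWithNew: read(db, 'new-passphrase'), liveWithOld: read(db, 'old-passphrase'),
    backupWithOld: read(backup, 'old-passphrase'), backupWithNew: read(backup, 'new-passphrase'),
  };
}

console.log(demo());
```

A `null` result means the catalog entry could not be unlocked with that passphrase; the row ciphertext itself is identical in the live database and the backup.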
Last modified date: 06/28/2024