检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Step 3: Performing a Simulated Encryption Test Before encrypting a database table, perform a simulation encryption test to check whether the database meets the encryption requirements. Log in to the web console of the instance as user sysadmin.
Step 1: Buy Database Security Encryption This section describes how to buy a database encryption instance. The instance can be billed on a yearly/monthly basis. Database encryption is in the open beta test (OBT) phase. To use this function, submit a service ticket. Limitations and
Setting Encryption Parameters Set ciphertext encoding mode after encryption. The encoding mode can be hexadecimal or BASE64. If you want to support fuzzy search, the encryption parameter must be set to hexadecimal format. Constraint You can change the ciphertext encoding mode only
AK/SK-based authentication: Requests are authenticated by encrypting the request body using an AK/SK pair. This method is recommended because it provides higher security than token-based authentication. Token-based Authentication The validity period of a token is 24 hours.
Data Encryption and Decryption Setting Encryption Parameters Checking the Encryption Algorithm Simulated Encryption Test Configuring an Encryption Task Managing Authorization Simulated Decryption Test Configuring a Decryption Task Encryption Table Management Rolling Back the Table
Simulated Encryption Test Before configuring the encryption task, you are advised to perform a simulated encryption test to check whether the encryption is normal. Procedure Log in to a database encryption and access control instance as the sysadmin user. In the navigation tree, choose
Encryption Table Management For encrypted tables, functions such as Edit Index and Edit Non-encrypted Column are supported on the web page. Editing Index When the data volume is large (for example, more than 10 million rows), querying encrypted columns is time-consuming. You can add
Database Security Encryption Instance Management On the management console, you can restart, disable, and unbind EIP from database instances. Log in to the management console. Select a region, click , and choose Security & Compliance > Database Security Service. The Dashboard page
Database Security Encryption Management Instance Management Database Security Encryption Instance Management System administrator operation guide Security Administrator Operation Guide Operation Guide for Audit Administrators
Figure 1 Network Mode Encrypting Data The system supports data encryption and integrity verification, meeting the evaluation requirements of graded protection and sub-protection as well as the evaluation requirements of storage data integrity and confidentiality assurance in the application
Checking the Encryption Algorithm After a key is initialized, the system generates the corresponding encryption algorithm. You can view the encryption algorithms supported by the system on the View Algorithm page. Prerequisites Ensure that the key has been initialized. For details
Enabling and Using Database Security Encryption Introduction to Database Encryption and Access Control Step 1: Buy Database Security Encryption Step 2: Logging In to the Instance Web Console System Function Configuration and Application Scenario Examples
If the resource usage exceeds the threshold, the system stops encrypting data to reduce the impact on services. You are advised to set the following parameters if possible. Host IP Host IP address. Host Port SSH service port of the host. The default SSH service port is 22.
Configuring an Encryption Task If you are familiar with the database table structure, add it on the Encryption Task Management page. After encryption is configured, unauthorized users can view only the ciphertext when querying the database information. If you are not familiar with