H2数据库：如何通过加密进行保护，无需公开文件加密密钥 [英] H2 database: how to protect with encryption, without exposing file encryption key

问题描述

我们在服务器模式下使用Java + H2数据库，因为我们不希望用户访问数据库文件。

We are using Java + H2 Database in server mode, because we do not want users from accessing database file.

为了向数据库文件添加更多保护，我们计划使用AES加密（将CIPHER = AES添加到数据库URL），以防存储被盗。

To add more protection to database file, we plan to use AES encryption (add CIPHER=AES to database URL) in case the storage is stolen.

然而，每个用户还需要在连接时提供文件保护密码（[文件密码] [空格] [用户密码]）。

However, each user will also need to supply file protection password when connecting ([file password][space][user password]).

尽管用户无法访问数据库文件，但知道加密密钥（文件保护密码）将使加密相当无用。

Although users do not have access to database file, knowing the encryption key (file protection password) will make the encryption quite useless.

任何想法，保持数据库文件安全（加密），而不会向用户公开文件加密密钥？

Any idea to keep the database file secure (encrypted) without exposing file encryption key to users?

谢谢

推荐答案

目前没有办法在H2中执行此操作。

There is currently no way to do that within H2.

一个解决方案是使用独立于H2的文件系统加密。

One solution is to use file system encryption that is independent of H2.

但请注意，您必须提供（数据库文件或文件系统）密码。这可能是启动服务器时（提示手动输入密码）。不幸的是，因为有人必须输入密码，所以无法完全自动启动服务器。

But please note at some point you would have to provide the (database file or file system) password. This could be when starting the server (prompting for the password to be entered manually). Unfortunately, because somebody would have to enter the password, you couldn't fully automate starting the server.

这篇关于H2数据库：如何通过加密进行保护，无需公开文件加密密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！