
Introduction

As we move our data to cloud storage and cloud database services, keeping that data safe and protected from unauthorized access is a high priority. To address this concern, the SAP HANA 2.0 SPS 03 release introduced a new security feature: client-side data encryption.

Client-side data encryption enables you to encrypt and decrypt column data using an encryption key accessible only by the SAP HANA client. Without client access, the data on the server cannot be decrypted.

If you would like to learn how to configure the SAP HANA client for client-side data encryption, how to export, import and rotate security keys, and a range of other topics, check out the video tutorials below.

YouTube Playlist

All the video tutorials on the client-side data encryption topic are bundled in a single playlist on our channel:

 

What’s New?

In the first video, the concepts of client-side data encryption are explained.

Tutorial Video

Installation and Configuration

The SAP Common Crypto Library (libsapcrypto.so/sapcrypto.dll) and the sapgenpse(.exe) utility required for client-side encryption are included with the SAP HANA client.

For the latest version of the library, see

For the documentation, see

Tutorial Video

Getting Started with Client-Side Data Encryption

In the next two videos, we set up client-side encryption.

For the code, see

For the documentation, see

Tutorial Video

Using DML with Client-Side Data Encryption

To insert or update data in the employees table, the business user must use prepared statements.

For the code, see

For the documentation, see

Tutorial Video

Using DDL with Client-Side Data Encryption

For the code, see

For the documentation, see

Tutorial Video

Rotate the Column Encryption Key

Part of the client-side encryption procedure is to rotate column encryption keys (CEKs) regularly and re-encrypt your data using the most current CEK. Key copies for the new CEK must be created for users who need access to the data.

For the code, see

For the documentation, see

Tutorial Video

Exporting Client Key Pairs and Column Encryption Keys

You need to export (and back up, that is, store in a safe place) both the client key pairs and the column encryption keys. Although a column encryption key (copy) is encrypted with a particular key pair, you are not required to back up or store them together. You can always create a copy of the CEK for encryption with a new CPK.

For the code, see

For the documentation, see

Tutorial Video

Importing Client Key Pairs and Column Encryption Keys

Not surprisingly, importing client key pairs and column encryption keys is very similar to exporting.

For the code, see

For the documentation, see

Tutorial Video

HDB Key Store

For the code, see

For the documentation, see

Tutorial Video

Thank you for watching

The SAP HANA Academy provides free online video tutorials for the developers, consultants, partners and customers of SAP HANA.

Topics range from practical how-to instructions on administration, data loading and modeling, and integration with other SAP solutions, to more conceptual projects to help build out new solutions using mobile applications or predictive analysis.

For the full library, see SAP HANA Academy Library – by the SAP HANA Academy.

For the full list of blogs, see Blog Posts – by the SAP HANA Academy.
