We are enabling our database for TDE. As per TDE, it does everything in the background and one cannot check whether data is encrypted or not at the data level; once you are able to access the DB you can see the data.
How can QA test this? Do we have any tools which can tell us whether your data is encrypted or not?
Not sure if this is the only way, but if you open up one of your data area extents in a non-encrypted db in a text editor you will see snippets of the data in clear text in it.
With TDE enabled all of this will be encrypted and unreadable.
What James is suggesting is that a grep on a known item description or a customer name on a TDE'd DB should be returning nothing.
Architect of the SmartComponent Library and WinKit
Thanks James & Mike.
Could you please also suggest if we have any tools which can compare two data files before and after encryption which we can suggest our QA team to refer for testing?
From the data administration tool > Database > Reports > Encryption Policy Reports.
To get an overview of what is encrypted.
Perform a backup restore procedure on the encrypted database.
Without the proper key phrase, specific data will not be decrypted.
Run your application on that db to see the effects.
> On Aug 16, 2019, at 2:56 AM, fiservarvind wrote:
> Do we have any tools which can tell us your data is encrypted or not
you can use the "strings" command to extract all the readable text from a data extent.
then encrypt the data and run the strings command again.
this is not an exhaustive test, but it is easy to do.
you can also use the "od" command to dump selected portions of a data extent and compare before and after.
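The grep/strings check suggested in this thread, written out as an added example that is not part of any post: QA seeds a few unique marker values into the database, then searches each extent for them before and after encryption. The marker strings, the file names and the random-byte stand-in for an encrypted extent are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): look for known clear-text values
# in a database extent file, before and after TDE is enabled.

# count_marker_hits FILE MARKER... -> prints how many markers occur in FILE
count_marker_hits() {
    extent=$1; shift
    hits=0
    for marker in "$@"; do
        # -a: read the binary extent as text, -F: literal string, -q: no output
        if grep -a -F -q -e "$marker" "$extent"; then
            hits=$((hits + 1))
        fi
    done
    echo "$hits"
}

# check_extent FILE MARKER... -> exit status 0 if no marker is readable
check_extent() {
    n=$(count_marker_hits "$@")
    if [ "$n" -eq 0 ]; then
        echo "PASS $1: no known clear text found"
        return 0
    fi
    echo "FAIL $1: $n marker(s) readable in clear text"
    return 1
}

# make_samples DIR -> writes two constructed files for a dry run
make_samples() {
    # plain.d1: binary padding around two readable record values
    { head -c 512 /dev/zero
      printf 'QA-MARKER-CUSTOMER-7F3A\0QA-MARKER-ITEM-91C2\0'
      head -c 512 /dev/zero; } > "$1/plain.d1"
    # enc.d1: random bytes as a stand-in for an encrypted extent (assumption)
    head -c 1068 /dev/urandom > "$1/enc.d1"
}

# Usage: sh check_extent.sh /path/to/extent.d1 MARKER [MARKER...]
if [ "$#" -ge 2 ]; then
    check_extent "$@"
fi
```

A PASS only means the seeded values are not readable in that file; a FAIL on an extent that should be encrypted is the result QA needs to report.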
The above will not show anything if I encrypt a Type I area. It seems like it only shows objects like tables, indexes and LOBs?
When you encrypt a type i data area, /everything/ in it is encrypted and
there is no information available about individual objects. no one
should be using type i data areas anymore, except for small databases
that do not change much if at all.
one of the many disadvantages of type i data areas is that many new
features cannot be implemented for them, or can be only partially
implemented. this is their nature.
For a type 1 area using a command like:
proutil databaseName -C epolicy scan area "areaName"
would return something like:
areaName20 / 20 CURRENT AES_CBC_128 V:0 200 of 627 blocks encrypted
indicating how many blocks in that area are already encrypted and how many still need to be encrypted.
More info on that epolicy scan command can be found on:
Hope this helps,