Implementation method for supporting SM4 national cryptographic algorithm by storage encryption function in OpenGauss database

Abstract

The invention belongs to the technical field of relational database management and operating systems, and particularly relates to an implementation method for supporting an SM4 cryptographic algorithm by a storage encryption function in an OpenGauss database. The method comprises the steps of generation, verification and storage of an encryption key, assignment and storage of an encryption algorithm, security detection of the encryption key, data encryption and decryption processing and storage, key destruction and the like. According to the method, data security can be effectively guaranteed, illegal users are prevented from stealing privacy and core data, and the national information management requirement that completely autonomous and controllable basic software must be achieved is well met. Besides, the method does not use an external hardware PCI encryption card, does not increase the packaging, deployment and maintenance cost of a database product, does not affect the use convenience and user experience of a database system, and has the potential of continuous improvement and long-term application.

Description

technical field [0001] The invention belongs to the technical field of relational database management and operating system, and in particular relates to a method for realizing the storage encryption function supporting the SM4 national secret algorithm in an OpenGauss database. Background technique [0002] Most of the data in the database is stored on the disk in the form of physical files, and all data is in plain text. From the perspective of data security, there is a very high risk of being stolen. Therefore, it is necessary to encrypt and store the customer's business data files. [0003] OpenGauss is an open-source relational database management system whose core is derived from PostgreSQL. Because its source code does not contain codes related to the key management system, the storage encryption function cannot be used normally, and customer data is still stored on the disk in plain text. Safety cannot be guaranteed. [0004] With the rapid development of the domesti...

AI Technical Summary

Problems solved by technology

[0003] OpenGauss is an open-source relational database management system whose core is derived from PostgreSQL. Because its source code does not contain codes related to the key management system, the storage encryption function cannot be used normally, and customer data is still stored on the disk in plain text. security cannot be guaranteed

[0004] With the rapid development of the domestic credit and innovation industry, the information management department clearly requires that the basic software including database software must be fully autonomous and controllable. However, the use of international encryption algorithms such as AES-128 or AES-256 cannot meet the requirements of independent control Therefore, it is very necessary to implement the database storage encryption function to support the national secret algorithm SM4

[0005] On the other hand, although there are many types of PCI encryption cards on the market, they provide a very rich encryption and decryption interfaces and encryption algorithms. The encryption algorithms include international algorithms such as RSA, AES, and DES, as well as SM2, SM3, and SM4. , SM9 and other national secret algorithms, however, as a pure software system, the database product has complex logic and high maintenance costs. If the storage encryption function uses the encryption and decryption interface in the hardware PCI encryption card, it is necessary to install the hardware PCI encryption card in advance when deploying the product. For the driver, the PCI encryption and decryption dynamic library needs to be added when the product is packaged, which adds new costs to the packaging, deployment and maintenance of the database product, and at the same time has a negative impact on the convenience and user experience of the database system

Images