When working with data encryption, you usually deal with keys, certificates and passwords. Not knowing the role each one plays in protecting your data can lead to massive data loss. Not knowing how to keep them can lead to losing your valuable data. Worse, not remembering exactly where you keep them will leave you stunned and helpless.
When dealing with encryption, especially strong encryption, you must not forget the following:
- Familiarize yourself with how keys, certificates and passwords work together when encrypting data. Testing is the key, but your first encryption test should be done on dummy data. You wouldn’t want to lose live production data because, after you have successfully encrypted it, voila … you don’t know how to decrypt it, or things simply won’t decrypt because you did something you were not supposed to do.
- To reiterate, be sure you know how to decrypt data that you have encrypted. Don’t assume … see it unfold before your eyes. Decrypt it.
- When you have become a genius at the process and art of encryption and decryption, you have to know where and how to keep your keys, certificates and passwords. Be sure to jot down some notes on the circumstances of the encryption (applications you used, versions, configurations, etc.) and keep the notes with your keys, certs and passwords.
- Don’t ever trust your memory. Age, alcohol, and even accidents can wipe out keys, certs and passwords. I am sure you won’t store your notes in your head. Keep them in some safe place. I dunno … I have yet to figure out the safest place to keep these things other than my head. You might want to send some comments just in case you find one. The last thing you want is to find, when it is time to decrypt something after a long, long time, that the things you need are nowhere to be found.
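The drill described in the list above, as an added example (not the author's own code): it encrypts constructed dummy data with the `openssl` command line, proves the file decrypts with the right passphrase and not with a wrong one, and writes the notes file to keep alongside it. The cipher settings, passphrases, file names and function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Encrypt/decrypt drill on dummy data. Assumes the openssl CLI (1.1.1 or later).
# Assumption: these cipher settings are a stand-in for whatever you really use.
CIPHER_OPTS="-aes-256-cbc -pbkdf2 -iter 200000"

# Both helpers read the passphrase from the exported variable DRILL_PASS,
# so it never appears on a command line.
encrypt_file() {    # $1 = plaintext in, $2 = ciphertext out
    openssl enc $CIPHER_OPTS -salt -in "$1" -out "$2" -pass env:DRILL_PASS
}

decrypts_to() {     # $1 = ciphertext, $2 = expected plaintext
    # Success only if decryption works AND the bytes match the original.
    openssl enc -d $CIPHER_OPTS -in "$1" -out "$1.check" \
        -pass env:DRILL_PASS 2>/dev/null && cmp -s "$1.check" "$2"
    rc=$?
    rm -f "$1.check"
    return $rc
}

write_notes() {     # $1 = ciphertext path; prints the notes to keep with it
    echo "file: $(basename "$1")"
    echo "encrypted_on: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
    echo "tool: $(openssl version)"
    echo "encrypt_options: enc $CIPHER_OPTS -salt"
    echo "decrypt_command: openssl enc -d $CIPHER_OPTS -in FILE -out OUT"
    echo "passphrase_location: <fill in where the passphrase is stored>"
}

run_drill() {       # $1 = scratch directory; returns 0 only if every step passes
    dir="$1"
    printf 'dummy row %s\n' 1 2 3 > "$dir/dummy.txt"    # constructed test data
    DRILL_PASS='drill passphrase (constructed)'; export DRILL_PASS
    encrypt_file "$dir/dummy.txt" "$dir/dummy.enc" || return 1
    # See it decrypt before trusting the procedure with anything real.
    decrypts_to "$dir/dummy.enc" "$dir/dummy.txt" || return 1
    # A wrong passphrase must not give the data back.
    DRILL_PASS='wrong guess (constructed)'
    if decrypts_to "$dir/dummy.enc" "$dir/dummy.txt"; then return 1; fi
    write_notes "$dir/dummy.enc" > "$dir/dummy.enc.notes"
}

# Usage: d=$(mktemp -d) && run_drill "$d" && cat "$d/dummy.enc.notes"
```

The notes file deliberately records where the passphrase is kept rather than the passphrase itself; rerunning the recorded decrypt command on the dummy file later is a cheap check that the notes are still enough.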
I actually just stumbled upon an old hard disk containing a large cache of encrypted files (notes, code, source files) for which I could not recall the password. Getting older proves to be amusing each day. Tsk tsk! The least that I could do now is to blog the experience. And this should be part of your data security strategy and data recovery strategy plans. You don’t want all this to happen to your company’s financial database, do you?
It’s hard getting old, because you become forgetful! :))
Toto Gamboa is a consultant specializing in databases, Microsoft SQL Server and software development, operating in the Philippines. He is currently a member and one of the leaders of the Philippine SQL Server Users Group, a Professional Association for SQL Server (PASS) chapter, and is one of Microsoft’s MVPs for SQL Server in the Philippines. You may reach him by sending an email to firstname.lastname@example.org