OrientDB supports encrypting database content to prevent unauthorized users from accessing the data.
The encryption support is available from version 2.2.
To create/access an encrypted database, we need to provide a base64 encoded encryption key. OrientDB supports encryption at a database level and each database can be encrypted with different key.
We can choose one of the algorithms for encryption :-
1. AES
2. DES
Steps:-
Set the encryption information in the OGlobalConfiguration.
// For Java 6 and below we do not have the 'PBKDF2WithHmacSHA256' algorithm embedded, // so we have to explicitly specify a different one like PBKDF2WithHmacSHA1 for compatibility // with lower java versions. OGlobalConfiguration.SECURITY_USER_PASSWORD_DEFAULT_ALGORITHM.setValue("PBKDF2WithHmacSHA1"); // Set the algorithm as AES OGlobalConfiguration.STORAGE_ENCRYPTION_METHOD.setValue("aes"); // Set the base64 encoded Encryption key. We have used the base64 representation // of the key - 'ThisIsASampleKey' OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.setValue("VGhpc0lzQVNhbXBsZUtleQ==");
Connect to the database using graph the APIs.
//This will create/open the encrypted database and return a OrientTransactionalGraph instance OrientGraphFactory ogf = new OrientGraphFactory("plocal:./mytestdb", "admin", "admin"); OrientTransactionalGraph og = ogf.getTx();
Now we can use the OrientTransactionalGraph instance to access the encrypted database.