Enabling encryption with IBM Global Security Kit (GSKit)

Administrator Guide : Security : Encryption : Enabling encryption with IBM Global Security Kit (GSKit)

The IBM Global Security Kit (GSKit) library can be used with solidDB^® to enforce strong encryption of passwords and data. The use of GSKit for encryption is controlled with the General.UseGSKit parameter on the server side. If you want to use external authentication, equivalent connection settings are needed also on the client side.

About this task

The GSKit library is installed during solidDB^® installation. The solidDB^® installation program installs the GSKit libraries that the solidDB^® server and clients must be able to load. The GSKit installation includes also a set of auxiliary libraries.

The GSKit libraries for the most common platforms are shown in the table below:

Platform	GSKit library	GSKit default installation location	Auxiliary library directories
Windows	gsk8iccs.dll gsk8iccs_64.dll	<solidb installation directory>\bin	<solidb installation directory>\bin\C <soliddb installation directory>\bin\N
Linux	libgsk8iccs.so libgsk8iccs_64.so	<solidb installation directory>/bin	<solidb installation directory>\bin\C <solidb installation directory>/bin/N
Solaris	libgsk8iccs_64.so	<solidb installation directory>/bin	<solidb installation directory>\bin\C <solidb installation directory>/bin/N
HP-UX	libgsk8iccs_64.so	<solidb installation directory>/bin	<solidb installation directory>\bin\C <solidb installation directory>/bin/N
AIX	libgsk8iccs_64.so	<solidb installation directory>/bin	<solidb installation directory>\bin\C <solidb installation directory>/bin/N

Procedure

Ensure that the GSKit library and auxiliary libraries are available on the computer where solidDB^® server is running.

On the server computer:

1 Set the General.UseGSKit parameter to yes.

2 Set the General.GSKitPath parameter to point to the directory where the GSKit library is located.

3 Optional: If you want that the passwords of any internally authenticated users are sent over a network connection using strong encryption, set the General.GSKitLoginRequired parameter to yes.

For example:

[General]
UseGSKit=yes
GSKitPath=/home/UNICOM/soliddb/soliddb-7.0/bin/
GSKitLoginRequired=yes

4 Optional: If you want to use external authentication, install and configure GSKit on the client computer. See Encrypting database and log files for details.

Results

The GSKit is used for encryption of passwords.

What to do next

To encrypt a database using GSKit, follow the instructions in Encrypting database and log files.