What is the data flow if using an HSM with an encrypted Database

Question

How would someone implement an HSM if they wanted to encrypt all the tables of a database for example in a 3-tier environment?

Does the app server query the DB, get the encrypted blob and ask the hsm to decrypt it? That seems like a lot of data for the HSM to pass back and forth.

score 0 · Answer 1 · answered Apr 04 '18 at 20:15

0

Why not encrypt the data in front of the database in a proxy, then have the proxy engage the HSM which is managing the root key? This way the proxy can be used for other purposes as well.

answered Apr 04 '18 at 20:15

DanM

1

What is the data flow if using an HSM with an encrypted Database

1 Answers1