Encryption

Sparksee supports encryption at the storage level. This means that every time an extent is written to the disk it is encrypted, and each time it is read from the disk it is decrypted. The AES mode supported is AES CBC mode, which supports either an 8 byte (64 bit), 16 byte (128 bit) or 32 byte (256 bit) key, and which also requires a 16 byte (128 bit) Initialization Vector (IV) to be provided (see the Storage section of the ‘Configuration’ chapter). The block size is 16 bytes (128 bits). Both the key and the IV must be passed as a hex string. For example, the following would be a valid 8 byte key: “AABBCCDDEEFF0011”.

When an image is created, encryption can be enabled by means of SparkseeConfig#setAESEncryptionEnabled or by setting the corresponding variable in the configuration file. However, this last option is discouraged for obvious security reasons and is provided only for ease of testing. Alternatively, the SparkseeConfig#setAESEnctyptionEnabled overload that receives an integer with the key size can be used. In such a case, the user is responsible for retrieving the key (using SparkseeConfig#getAESKey) and the IV (by means of the SparkseeConfig#getAESIV method) and storing them.

When opening an image with encryption enabled, both the correct key and the correct IV must be provided through SparkseeConfig#setAESEncryptionEnabled or by means of the corresponding variables in the configuration file (again, this last option is discouraged). If either an incorrect key or an incorrect IV is provided, an EncryptionError exception will be thrown.

On the other hand, attempting to open an image with encryption disabled but with either the key or the IV set will also throw an exception, in this case a FileNotFoundException.

Encryption of an existing image can be enabled or disabled by means of the GDBConf option (see the GDBConf section of the ‘Maintenance and Monitoring’ chapter).

The backup files can also be encrypted by using the Graph#encryptedBackup and Sparksee#restoreEncryptedBackup methods.

[Java]
import com.sparsity.sparksee.gdb.*;

/**
 * Minimal example: creates a new Sparksee image with AES storage
 * encryption enabled, opens a session on it and closes everything again.
 */
public class SparkseejavaTest
{
    /**
     * Entry point of the example.
     *
     * @param argv command-line arguments (not used by this example)
     * @throws java.io.IOException declared by the example; see the Sparksee API for the calls that raise it
     * @throws java.lang.Exception declared by the example; see the Sparksee API for the calls that raise it
     */
    public static void main(String argv[])
    throws java.io.IOException, java.lang.Exception
    {
        // Configuration object built from the "sparksee.cfg" path.
        SparkseeConfig cfg = new SparkseeConfig("sparksee.cfg");
        cfg.setClientId("Your client identifier");
        cfg.setLicenseId("Your license identifier");
        // First argument is the key, second the IV, both as hex strings
        // (32 hex digits = 16 bytes each here).
        // Sample values only: a key written as a literal is readable by anyone
        // who can read the source or the compiled class, so a real application
        // should obtain the key and IV at run time from protected storage.
        // The same key and IV are needed again whenever this image is opened.
        cfg.setAESEnctyptionEnabled("00112233445566778899AABBCCDDEEFF","FFEEDDCCBBAA99887766554433221100");
        // The configuration, including the encryption settings, is handed over here.
        Sparksee sparksee = new Sparksee(cfg);
        Database db = sparksee.create("HelloSparksee.gdb", "HelloSparksee");
        Session sess = db.newSession();
        Graph graph = sess.getGraph();
        ...
        // Close in reverse order of creation.
        // NOTE(review): an exception thrown by the elided code above would skip
        // these calls; wrap the work in try/finally if that matters.
        sess.close();
        db.close();
        sparksee.close();
    }
}
[C#]
using com.sparsity.sparksee.gdb;

/// <summary>
/// Minimal example: creates a new Sparksee image with AES storage
/// encryption enabled, opens a session on it and closes everything again.
/// </summary>
public class SparkseenetTest
{
    /// <summary>Entry point of the example.</summary>
    public static void Main()
    {
        // Configuration object built from the "sparksee.cfg" path.
        SparkseeConfig cfg = new SparkseeConfig("sparksee.cfg");
        cfg.SetClientId("Your client identifier");
        cfg.SetLicenseId("Your license identifier");
        // First argument is the key, second the IV, both as hex strings
        // (32 hex digits = 16 bytes each here).
        // Sample values only: a key written as a literal is readable by anyone
        // who can read the source or the compiled assembly, so a real application
        // should obtain the key and IV at run time from protected storage.
        // The same key and IV are needed again whenever this image is opened.
        cfg.SetAESEnctyptionEnabled("00112233445566778899AABBCCDDEEFF","FFEEDDCCBBAA99887766554433221100");
        // The configuration, including the encryption settings, is handed over here.
        Sparksee sparksee = new Sparksee(cfg);
        Database db = sparksee.Create("HelloSparksee.gdb", "HelloSparksee");
        Session sess = db.NewSession();
        Graph graph = sess.GetGraph();
        ...
        // Close in reverse order of creation.
        // NOTE(review): an exception thrown by the elided code above would skip
        // these calls; wrap the work in try/finally if that matters.
        sess.Close();
        db.Close();
        sparksee.Close();
    }
}
[C++]
#include "gdb/Sparksee.h"
#include "gdb/Database.h"
#include "gdb/Session.h"
#include "gdb/Graph.h"
#include "gdb/Objects.h"
#include "gdb/ObjectsIterator.h"

using namespace sparksee::gdb;

// Minimal example: creates a new Sparksee image with AES storage
// encryption enabled, opens a session on it and releases everything again.
int main(int argc, char *argv[])
{
    // Configuration object built from the "sparksee.cfg" path.
    SparkseeConfig cfg(L"sparksee.cfg");
    cfg.SetClientId(L"Your client identifier");
    cfg.SetLicenseId(L"Your license identifier");
    // First argument is the key, second the IV, both as wide hex strings
    // (32 hex digits = 16 bytes each here).
    // Sample values only: a key written as a literal ends up in the binary and
    // in the source, so a real application should obtain the key and IV at run
    // time from protected storage.
    // The same key and IV are needed again whenever this image is opened.
    cfg.SetAESEnctyptionEnabled(L"00112233445566778899AABBCCDDEEFF",L"FFEEDDCCBBAA99887766554433221100");
    // The configuration, including the encryption settings, is handed over here.
    Sparksee *sparksee = new Sparksee(cfg);
    Database * db = sparksee->Create(L"HelloSparksee.gdb", L"HelloSparksee");
    Session * sess = db->NewSession();
    Graph * graph = sess->GetGraph();
    ...
    // Objects are deleted in reverse order of creation.
    // NOTE(review): an exception thrown by the elided code above would skip
    // these deletes.
    delete sess;
    delete db;
    delete sparksee;
    // NOTE(review): EXIT_SUCCESS comes from <cstdlib>, which the listing does
    // not include directly; presumably it arrives through the gdb headers.
    return EXIT_SUCCESS;
}
[Python]
# -*- coding: utf-8 -*-
import sparksee

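def main():
    """Create a new Sparksee image with AES storage encryption enabled.

    Builds the configuration from "sparksee.cfg", sets the client and
    license identifiers and the AES key and IV, creates the image, opens a
    session on it and closes everything again.
    """
    cfg = sparksee.SparkseeConfig("sparksee.cfg")
    cfg.set_client_id("Your client identifier")
    cfg.set_license_id("Your license identifier")
    # First argument is the key, second the IV, both as hex strings
    # (32 hex digits = 16 bytes each here).
    # Sample values only: a key written as a literal is readable by anyone
    # who can read the script, so a real application should obtain the key
    # and IV at run time from protected storage.
    # The same key and IV are needed again whenever this image is opened.
    cfg.setAESEnctyptionEnabled("00112233445566778899AABBCCDDEEFF","FFEEDDCCBBAA99887766554433221100")
    # The configuration, including the encryption settings, is handed over here.
    sparks = sparksee.Sparksee(cfg)
    db = sparks.create(u"Hellosparks.gdb", u"HelloSparksee")
    sess = db.new_session()
    graph = sess.get_graph()
    ...
    # Close in reverse order of creation.
    # NOTE(review): an exception raised by the elided code above would skip
    # these calls; wrap the work in try/finally if that matters.
    sess.close()
    db.close()
    sparks.close()

# Run the example only when the file is executed as a script.
if __name__ == '__main__':
    main()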
[Objective-C]
#import <Foundation/Foundation.h>
#import <Sparksee/Sparksee.h>

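// Minimal example: creates a new Sparksee image with AES storage
// encryption enabled, opens a session on it and closes everything again.
int main(int argc, const char * argv[])
{
    @autoreleasepool {
        // Configuration object built from the "sparksee.cfg" path.
        STSSparkseeConfig *cfg = [[STSSparkseeConfig alloc] initWithPath: @"sparksee.cfg"];
        [cfg setClientId: @"Your client identifier"];
        [cfg setLicenseId: @"Your license identifier"];
        // First argument is the key, ivInHex: is the IV, both as hex strings
        // (32 hex digits = 16 bytes each here).
        // Sample values only: a key written as a literal ends up in the binary
        // and in the source, so a real application should obtain the key and IV
        // at run time from protected storage.
        // The same key and IV are needed again whenever this image is opened.
        [cfg setAESEnctyptionEnabled: @"00112233445566778899AABBCCDDEEFF" ivInHex: @"FFEEDDCCBBAA99887766554433221100"];
        // The configuration, including the encryption settings, is handed over here.
        STSSparksee *sparksee = [[STSSparksee alloc] initWithConfig: cfg];
        // If you are not using Objective-C Automatic Reference Counting, you
        // may want to release the cfg here, when it's no longer needed.
        //[cfg release];
        STSDatabase *db = [sparksee create: @"HelloSparksee.gdb" alias: @"HelloSparksee"];
        STSSession *sess = [db createSession];
        STSGraph *graph = [sess getGraph];
        ...
        // Close in reverse order of creation.
        [sess close];
        [db close];
        [sparksee close];
        // If you are not using Objective-C Automatic Reference Counting, you
        // may want to release the sparksee here, when it's closed.
        //[sparksee release];
    }
    return 0;
}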