LiteSpeed

Product Enhancement ID 112202

I am writing this in regards to a Product Enhancement request (#112202) for LiteSpeed that had been entered last month.  This request involved providing clients with the ability to somehow store and retrieve the encryption code for database backups.  Can someone from Dell provide me with an update on this request - whether or not it was approved, and if so, if there is a timetable to deploy this enhancement in a future upgrade? 

  • I am not sure I understand your question correctly: Are you using backup encryption and are requesting that LiteSpeed provide integrated key management so compliance officers or the DBA team can more easily manage encryption keys over time? Or are you asking for a way to recover a lost encryption key?

    Thanks.

  • I am asking for a way to recover a lost encryption key.

  • Unfortunately, there is no way to recover a lost encryption key. That is by design. There is no usable information about the encryption key stored in the backup that can be recovered. The only method for recovery of the database would be a brute force, dictionary attack, which would likely prove ineffective as long as a good encryption key were used.

  • I have already found out the hard way that the current LiteSpeed design does not allow for the recovery of a lost encryption key. Someone from the Dell Support team put in a Product Enhancement request on my behalf asking that the product be enhanced to allow clients to recover lost encryption keys – Product Enhancement ID 112202. Since backup information on each database is written to LiteSpeedLocal, I think it would be possible to include the encryption with the backup data, and leave it to each client to properly restrict access to the LiteSpeed database(s).

  • I understand the difficulties in losing an encryption key. Key management is a tricky topic. Our goal with LiteSpeed is to provide the highest-level of security for encrypted backups. Unfortunately, storing the encryption keys in the repository is not something on the roadmap at this time. You may want to look at third party key management solutions that may be able to assist you in tracking keys in a secure manner. Googling "sql server encryption key management" brought up some results worth investigating.

    Thanks.