cancel
Showing results for 
Search instead for 
Did you mean: 

Can strong database encryption be used in a Synchronization Profile

1,345

I'm testing setting up a synchronization profile on a remote and ran up against a "missing encryption key" error.

There doesn't seem to be a -ek or similar switch as used with dbmlsync but looking through the docs it seems that I should try using an "Authentication Parameters" setup. I've added the authenticate_parameters connection script to the mobilink server and then used the -ap switch in the sync profile to add the ek, such as -ap "encryptionKey". From the docs it seems that this should send the ek to the mobilink server.

However, the error comes pretty quick and checking sp_get_last_synchronize_result(), the error comes after the log scan starts so,it seems this is on the remote side?

The remote is set up to synchronize with the consolidated and dbmlsync works with the -ek. The setup is over an internal network, remote and cons on separate servers.

Appreciate the help.

regdomaratzki
Product and Topic Expert
Product and Topic Expert
0 Kudos

The authentication parameters option is data that is passed to the MobiLink Server and is unrelated the the encryption of the remote database.

Is the problem using the SYNCHRONIZE command on an a strongly encrypted database?

Reg

0 Kudos

Yes, that is the problem.

Breck_Carter
Participant
0 Kudos

Did you specify -ek when starting the remote database (dbsrv16.exe etc)?

0 Kudos

Yes. -ek is specified when starting the db engine. The engine is running and I can synchronize using dbmlsync, also with -ek.

If I use the ping option with SYNCHRONIZE it pings the mobilink server successfully.

Accepted Solutions (1)

Accepted Solutions (1)

regdomaratzki
Product and Topic Expert
Product and Topic Expert

There was a limitation to the SYNCHRONIZE command before v17.0.10 (which should be released in the next week or so) that prevented it from being able to be run against a strongly encrypted unless you pre-started the dbmlsync process with the -sm switch (and possibly -po to specify the port) and the -ek switch to specify the encyrption key. Even if the database engine had been started and provided with the encyrption key, dbmlsync also needed the encryption key so it could read the offline transaction logs.

In v17.0.10, the syntax of the SYNCHORNIZE command was altered to add a "KEY key" clause so that when the SYNCHRONIZE command spawned the dbmlsync process, it could add the -ek switch to the start line of the dbmlsync process.

Reg

0 Kudos

Thank you Reg. I'll keep an eye out for the new release.

Answers (0)