Unanswered: DB2 column level encryption in client/driver
Long story below, in short: Is there any way to have encryption services on the client boxes instead of the servers? I'm aware that I'm looking for trouble with encrypted indexes, problems with comparisons in WHERE conditions and all that, but still.
The idea would be to encrypt data before it leaves the client machine and decrypt it when the result is retrieved on the client machine. Most solutions would do encryption and decryption in the database.
One idea I heard was using a custom ODBC driver which would have the functionality to read encrypted data from the DB and decrypt it locally on the client.
DB2 UDB v9.1 (soon 9.5) on AIX.
WIN XP client machines with DB2 9.1 client.
The AIX boxes form a data warehouse for a particular region, say Europe. The DWH is located in Country1. Another Country2 wants to use the services of the DWH too, so it has to feed its data into the DWH.
Due to legal reasons, some of the data (like credit card data) must not leave the country in clear text. Encryption is not a big problem as the ETL tools support column level encryption. This encryption is happening in the origin (Country2). The data is then transferred as a file to the DWH in Country1 where the data is fed into the DWH, still encrypted.
The question is now: How does one provide the data back to Country2 decrypted? The restriction here is that the data must not be decrypted on the DB2 server in the DWH in Country1. It has to happen in Country2.
I thought of some kind of gateway that would capture the SQL, run the query and process the records returned. However, I haven't found any such gateway. A simple ODBC driver with preprocessing/postprocessing capability would be ideal.
I've found one JDBC attempt, but the development seems to have ended back in 2005. :-(
See here: Safelogic SafeJDBC Page8 to 11
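The post-processing step asked about above, as an added example that is not part of the original post and not code from any DB2 driver: columns are sealed with AES-GCM at the origin and opened only on the client, so the warehouse stores and returns ciphertext. The function names, the `card_no` column and the map used as a stand-in for a driver result row are assumptions; because each value gets a random nonce, equal plaintexts produce different ciphertexts, which is why server-side equality predicates on such columns do not match.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField runs before load; the column name is bound as associated data.
func EncryptField(a cipher.AEAD, col string, plain []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, plain, []byte(col)), nil // nonce || ciphertext || tag
}

// DecryptRow decrypts only the named columns; any failure returns no row at all.
func DecryptRow(a cipher.AEAD, row map[string][]byte, cols ...string) (map[string][]byte, error) {
	out := make(map[string][]byte, len(row))
	for k, v := range row {
		out[k] = v
	}
	n := a.NonceSize()
	for _, col := range cols {
		if len(row[col]) < n {
			return nil, fmt.Errorf("column %s: ciphertext too short", col)
		}
		pt, err := a.Open(nil, row[col][:n], row[col][n:], []byte(col))
		if err != nil {
			return nil, fmt.Errorf("column %s: %w", col, err)
		}
		out[col] = pt
	}
	return out, nil
}
func main() {
	a, _ := newAEAD(make([]byte, 32)) // constructed all-zero demo key
	ct, _ := EncryptField(a, "card_no", []byte("4111111111111111"))
	row, err := DecryptRow(a, map[string][]byte{"card_no": ct}, "card_no")
	fmt.Printf("%s %v\n", row["card_no"], err)
}
```

Binding the column name as associated data means a ciphertext copied into a different column, or altered in transit or at rest, is rejected on the client instead of being returned as plausible data.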