Migrating a CipherDB App from AES-128 to AES-256 encryption

One question we’re often asked is what happens when you migrate your CipherDB App from a Free or Basic plan that uses AES-128 encryption to a Standard or Premium plan that uses AES-256 encryption. It’s a great question that highlights some of the features we built into CipherDB.

When you first register for CipherDB, we automatically create an App for you on the Free plan. You can also create additional Apps yourself using the Crypteron Dashboard. Whenever an App is created, we automatically create a default Security Partition for you that uses an encryption key tied to the App’s plan. If your App is on a Free or Basic plan, then that Security Partition, as well as any new Security Partitions you add yourself, will use AES-128 encryption (OID: 2.16.840.1.101.3.4.1.6). If your App is on a Standard or Premium plan, the Security Partition(s) will use AES-256 encryption (OID: 2.16.840.1.101.3.4.1.46).

If you switch your App from an AES-128 plan (Free and Basic) to an AES-256 plan (Standard and Premium), or vice versa, you will have to generate a new key for that App’s Security Partition(s). You can do this by clicking on each of the App’s Security Partitions and then clicking the rollover button, shown below:

[Image: Key Rollover]

Clicking this button will generate a new Key for that Security Partition based on the App’s current plan. If the App is on a Free or Basic plan, then the new key will use AES-128 encryption. If the App is on a Standard or Premium plan, then the new key will use AES-256 encryption. We are considering making this process automatic, so that changing a plan between Free/Basic and Standard/Premium will roll over the keys for all of the App’s Security Partitions automatically. Please let us know if you would find this feature useful! After clicking the Key Rollover button, you’ll notice that the Key Version has been increased by 1. In the image above, the new Key Version would be 2.

After the Plan has been changed, and the Key has been rolled over, the final step is to restart your application or application server to ensure that it is properly synced up with the dashboard.

At this point, all new data saved by your App will be encrypted and decrypted with the new AES-256 key. All existing data will continue to use the previous version of the Key, with AES-128 encryption. No code changes are required on your end. If you prefer to migrate your existing data to the new AES-256 key, you can change the migration policy, specified in the app.config file, from ReadOld to MigrateOnWrite. You can read more about this feature in our updated developer guide.
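The behaviour described above depends on every stored value carrying the version of the key that encrypted it, and on the old key being retained after a rollover. The following is an added example, not Crypteron's code, that models this with AES-GCM (the two OIDs quoted earlier are the AES-128-GCM and AES-256-GCM identifiers). The `Keyring` class, its methods and the record layout are hypothetical, and it assumes .NET 8 or later for `AesGcm`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical model, not CipherDB code. Constructed keys: v1 = AES-128, v2 = AES-256.
var ring = new Keyring(new() { [1] = RandomNumberGenerator.GetBytes(16) });
byte[] oldRow = ring.Seal(Encoding.UTF8.GetBytes("written before rollover"));
ring.Rollover(RandomNumberGenerator.GetBytes(32)); // Key Version goes from 1 to 2
byte[] newRow = ring.Seal(Encoding.UTF8.GetBytes("written after rollover"));
Console.WriteLine($"old row v{oldRow[0]}, new row v{newRow[0]}");
Console.WriteLine(Encoding.UTF8.GetString(ring.Open(oldRow)));
Console.WriteLine($"migrated row v{ring.Migrate(oldRow)[0]}");

sealed class Keyring
{
    const int NonceLen = 12, TagLen = 16, HdrLen = 1 + NonceLen + TagLen;
    readonly Dictionary<byte, byte[]> keys; // key version -> key bytes
    public Keyring(Dictionary<byte, byte[]> keys) => this.keys = keys;
    public byte Latest => keys.Keys.Max();
    public void Rollover(byte[] newKey) => keys[(byte)(Latest + 1)] = newKey;

    // New data always uses the newest key. Layout (constructed): version | nonce | tag | ciphertext.
    public byte[] Seal(byte[] plain)
    {
        var rec = new byte[HdrLen + plain.Length];
        rec[0] = Latest;
        RandomNumberGenerator.Fill(rec.AsSpan(1, NonceLen));
        using var gcm = new AesGcm(keys[Latest], TagLen);
        gcm.Encrypt(rec.AsSpan(1, NonceLen), plain, rec.AsSpan(HdrLen),
                    rec.AsSpan(1 + NonceLen, TagLen), rec.AsSpan(0, 1)); // version byte is authenticated
        return rec;
    }

    // Key is chosen by the row's own version byte, so pre-rollover rows stay readable.
    public byte[] Open(byte[] rec)
    {
        if (rec.Length < HdrLen) throw new CryptographicException("record too short");
        var plain = new byte[rec.Length - HdrLen];
        using var gcm = new AesGcm(keys[rec[0]], TagLen);
        gcm.Decrypt(rec.AsSpan(1, NonceLen), rec.AsSpan(HdrLen),
                    rec.AsSpan(1 + NonceLen, TagLen), plain, rec.AsSpan(0, 1));
        return plain;
    }

    // Re-encrypt an old row under the newest key (the per-row effect of migrating).
    public byte[] Migrate(byte[] rec) => rec[0] == Latest ? rec : Seal(Open(rec));
}
```

Deleting the version 1 key from the keyring before every row has been migrated makes the remaining version 1 rows undecryptable, which is why the old key version has to be kept until migration is complete.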

As always, if you have any questions about this feature, CipherDB or any of our products, please don’t hesitate to contact us or file a support ticket!

by Yaron Guez