How to be sure that DbDefence does what it should

Digital security is changing and has become a hot topic not only for the tech industry but also for clients and users everywhere. As a security software company, we welcome the added attention. However, after recent USA-China tensions and the Huawei scandal, our potential customers have become more and more concerned about buying software from a Hong Kong company.

Activecrypt Software has a long market presence

DbDefence began development in 2009. You can find a short history of its updates here https://twitter.com/activecryptsoft. The company's domain activecrypt.com was created in 2001. Since then our SQL Server security software has been growing commercially; you can find our customer list on our Contact page. Activecrypt Software and our legacy products such as XP_CRYPT have been reviewed in the past in various publications. For example, in 2004, XP_CRYPT was reviewed in an SQL encryption software comparison in a popular magazine https://www.itprotoday.com/sql-server/seamless-sql-server-encryption.

World-wide resellers

World-wide resellers such as SHI or Insight periodically buy our software for their customers.

Ask for references

The first place to start is probably is asking for references - particularly if you are hesitating to try DbDefence. Of course, some of our customers are a little shy about sharing their experience of software security. But we have lots of happy customers all over the world, and many of them really wouldn't mind.

Technical information

We are open and ready to help with technical information. The technical measures and information are clearly set out below, and with such clarity, you can always trust our software. Customers often ask questions such as "What does DbDefence install on the server?", "Can I recover the database in the event of a disaster?", "How can I tell that the database is actually encrypted?" We are always willing to answer these and the many other questions customers have.

Installed components

Almost every database administrator wants to know what is actually installed with a software package. Here you can find a list all the components that DbDefence installs on a server.

Digital signatures

All binaries from Activecrypt Software are digitally signed. Digital signatures provide authenticity, integrity, and non-repudiation.

FIPS 140-2 validated module

The OpenSSL organization provides certified and FIPS 140-2 validated encryption modules. This validation is often required by governmental organizations in the USA and Canada. DbDefence includes this module (libeay32.dll) and uses it when a special option is set before database encryption. The OpenSSL license permits you to compile this module yourself and provides detailed instructions in its documentation.

Find more information at https://www.openssl.org/

PKCS #11 modules

PKCS #11 is an advanced topic. DbDefence may use special modules with well defined API called PKCS #11. These modules usually come with special hardware that performs encryption operations with better security. Previously, these modules were much faster than the server CPU, but now modern CPUs win out. Any professional programmer who can write this module can implement their own encryption functions. Alternatively, there is an open source project called OpenHSM. By using PKCS #11 module (OpenHSM, for example) you will get the complete source code and the assurance that data is actually encrypted in the proper way.

Using the PKCS #11 module may seem similar to using the FIPS 140-2 validated module but it has a big advantage: DbDefence contains a function that generates the source code for database file decryption. Here is the option in the GUI: https://www.database-encryption.com/support/dbdefence-documentation/dbd-pkcs11-source.html

This means you will get the complete source code of a program that decrypts the database. We added this feature specifically to ensure our customers of the reliability of our software.

Non-obfuscated binaries

Almost all DbDefence binaries are protected from reverse-engineering. This helps prevent our programs from being cracked. We design such strong protection in order to protect our intellectual property, which means we can implement an effective licensing scheme.

If you are considering a large order but would like to get additional assurance, please contact us for non-obfuscated binaries. We can also give permission to reverse engineer so you can examine binaries in any security company you trust.

Source code

Finally, if you want to invest more in your security, we can offer the source code of the core encryption module dbdefence.dll and the encryption tool dbencrypt.exe. You will be able to see, examine, and compile EVERYTHING required for encryption.

Please contact us for details.