Re: LMDB encryption support?

[Howard Chu <hyc@symas.com>]

Jens Alfke wrote:
> I'm evaluating LMDB, and one feature we consider important is file-level encryption. The memory-mapped, zero-copy nature of LMDB would seem to be incompatible
> with encryption, but there is a tantalizing post from Howard Chu two years ago:
> 
>> • To: "OpenLDAP-devel@openldap.org <mailto:OpenLDAP-devel@openldap.org>" <OpenLDAP-devel@openldap.org>
>> • Subject: LMDB encryption support
>> • From: Howard Chu <hyc@symas.com <mailto:hyc@symas.com>>
>> • Date: Thu, 10 Aug 2017 16:55:57 +0100
>>
>> I've recently added support for page-level encryption to LMDB 1.x using user-supplied callbacks: 
> 
> ( https://www.openldap.org/lists/openldap-devel/201708/msg00002.html ;)
> 
> However, the API shown in the email is not present in mainline LMDB (0.9.24), nor can I find it in a branch in the Git repository. Was this an abandoned
> experiment? Or is it only available with a commercial license (as is SQLite's encryption extension?)

It's in a private branch, for closed-source licensees. But we'll be opening it up soon.

> (Whether or not this feature still exists, I'm curious about how it was implemented. It seems like it would either require some kind of kernel-level support for
> hooking into the VM pager to rewrite pages after they're faulted in, or else not using memory-mapping at all and going with a page-cache a la SQLite.)

Yes it requires LMDB to manage cached pages. I'm not too fond of that, but there was no other way.
> 
> Thanks,
> 
> —Jens


-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/