DEV Community

Cossack Labs

Acra. Features: Application-level encryption

Ultramodern industries that operate on sensitive data, like fintech and neobanking, require sharp and accurate data security solutions that can be easily maintained and controlled.

Keeping this in mind, we updated the Acra database security suite, our flagship software security solution, to a new release full of the most required and advanced cryptographic protection.

Use Acra Community Edition for free. Check out Acra Enterprise Edition tailored for solutions with high security requirements.

1️⃣ Application-level encryption

Application-level encryption means that data is encrypted on the application side before it is sent to the database for storage, and stays encrypted for as much of its lifecycle as possible. Application-level encryption works together with data-at-rest encryption (database-level) and data-in-transit encryption (TLS).

Acra supports easy-to-use and hard-to-misuse encryption. Acra is the easiest way to integrate encryption into your applications without significantly altering the data flow.

💡 Deploy Acra SQL proxy transparently: AcraServer sits between an app and a database as a cryptographic proxy, transparently encrypting and decrypting chosen data fields that run through it. Just deploy AcraServer and direct your application to talk to it instead of the database.

💡 Deploy Acra as an API server: AcraTranslator works as Encryption-as-a-Service over an HTTP or gRPC API, and encrypts/decrypts the data that the application sends it. The application controls which data fields to encrypt. This layout is useful for encrypting only a chosen subset of larger data structures to attain an optimal performance/security balance.

💡 Use client-side encryption and decryption: in some cases, client-side encryption/decryption is required. Use the Acra client-side SDKs to encrypt/decrypt data on the application side, and combine with AcraServer or AcraTranslator.

This approach gives architectural flexibility: build end-to-end encrypted data flows, or encrypt data before sending it via untrusted networks and control the decryption point inside the trusted perimeter.

💡 Acra uses multi-layered encryption: each data field is encrypted with data keys, then data keys are encrypted with access keys, which are encrypted with client keys.

This approach makes key rotation easy and guarantees that brute-force decryption will take ages. Acra uses two different cryptographic containers: the blazing-fast AcraBlock (AES-256-GCM) and the flexible AcraStruct (AES-256-GCM + ECDH).
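The layered key scheme described above, sketched in Go as an added example (this is not Acra's code and does not reproduce the AcraBlock or AcraStruct container formats). The names `must`, `Random`, `Seal` and `Unwrap` are hypothetical, and all keys are assumed to be 32-byte values held in memory; `main` shows rotation of the client key by re-sealing only the access key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func must[T any](v T, err error) T { // panics on setup faults: invalid AES key size, no entropy
	if err != nil {
		panic(err)
	}
	return v
}

// Random returns n bytes from the OS CSPRNG; Random(32) is a fresh AES-256 key.
func Random(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

// Seal encrypts pt under key with AES-GCM and returns nonce || ciphertext || tag.
func Seal(key, pt []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := Random(g.NonceSize())
	return g.Seal(nonce, nonce, pt, nil)
}

// Unwrap opens each layer with the output of the layer before it, top key first.
func Unwrap(key []byte, layers ...[]byte) (pt []byte, err error) {
	for _, box := range layers {
		g := must(cipher.NewGCM(must(aes.NewCipher(key))))
		if n := g.NonceSize(); len(box) < n {
			return nil, fmt.Errorf("sealed value too short: %d bytes", len(box))
		} else if key, err = g.Open(nil, box[:n], box[n:], nil); err != nil {
			return nil, err
		}
	}
	return key, nil
}

func main() {
	client, access, data, next := Random(32), Random(32), Random(32), Random(32)
	wAccess, wData, field := Seal(client, access), Seal(access, data), Seal(data, []byte("constructed sample"))
	// Rotation re-seals one 32-byte key; wData and field stay exactly as stored.
	wAccess = Seal(next, must(Unwrap(client, wAccess)))
	fmt.Printf("%s\n", must(Unwrap(next, wAccess, wData, field)))
}
```

Because every layer is authenticated, a wrong client key or a modified stored value fails at the first layer it touches instead of yielding garbage plaintext.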

🔥 But Acra's possibilities are not limited to encryption alone. We designed it to be robust data protection software at your fingertips. Follow the series to read about some other prominent Acra features.

Check out 👉 Acra Community Edition (open-source, available for free) or learn about 👉 Acra Enterprise Edition.
