* * *

Author Topic: Encrypt and decrypt firebird (or other) databases  (Read 3270 times)

teochris

  • Jr. Member
  • **
  • Posts: 86
Encrypt and decrypt firebird (or other) databases
« on: April 09, 2016, 12:20:57 pm »
Hello,

can someone please tell me what exactly do i have to do (or point to me proper instructions or a clear tutorial) in order to encrypt a firebird database (or other database if similar instructions occur) and how can i decrypt this database in my app so i can use its data!

I can't find clear instructions anywhere for this action!  :'(
« Last Edit: April 09, 2016, 12:54:49 pm by teochris »

Mike.Cornflake

  • Hero Member
  • *****
  • Posts: 1125
Re: Encrypt and decrypt firebird (or other) databases
« Reply #1 on: April 09, 2016, 02:29:01 pm »
I don't have an answer, but I'm posting my research in case it's useful.

I suspect you may be out of luck :-(

https://www.google.com/search?q=encrypt+firebird+database

Got me to: http://www.firebirdsql.org/manual/fbmetasecur-solution.html

Which broke the news gently
Quote
Encryption
While Firebird itself provides no built-in encryption features there are some excellent products that do.

And then goes on to list a few that may help.  All of which are outside the realms of the developer really.  Really just looks like "encrypt the file system in which you're storing the database file"

See also: http://www.firebirdfaq.org/faq160/

OK, so it looks like you can't encrypt the whole, then what about the parts?

The fifth link from the google search seemed promising
http://forums.devshed.com/firebird-sql-development-61/encrypt-data-column-173759.html

Err, but then it got technical, and I'm out of my depth there, having never used Firebird. 
https://sourceforge.net/projects/rfunc/
https://sourceforge.net/projects/rfunc/files/rfunc%202/2.1.3.1/

I had a quick look at the download, and there's nothing in the provided documentation about either encrypting, or passwords.  So that looks like a dead end.  Unless someone knows this library in more detail?

In all of this though, I note that Firebird supports BLOB fields.  So you can encrypt a block of data to a stream, then stream that to the blob field.  The whole database won't be encrypted, but maybe you don't need the whole...

Related reading:
http://wiki.lazarus.freepascal.org/Secure_programming
http://wiki.lazarus.freepascal.org/DCPcrypt

I then searched this forum for examples on how to encrypt/decrypt to a stream.
http://pascalgeek.blogspot.no/2012/06/encryption-decryption-and-asynchronous.html

Excellent conversation: http://forum.lazarus.freepascal.org/index.php/topic,28050.0.html
Another excellent conversation: http://forum.lazarus.freepascal.org/index.php/topic,24773.0.html

So really, lot of noise here, but no easy solution.  Sorry and Good luck :-)
Lazarus Trunk/FPC Trunk on Linux & Windows [7, 8.1]
  Have you tried searching this forum or the wiki?:   http://wiki.lazarus.freepascal.org/Alternative_Main_Page
  BOOKS! (Free and otherwise): http://wiki.lazarus.freepascal.org/Pascal_and_Lazarus_Books_and_Magazines

teochris

  • Jr. Member
  • **
  • Posts: 86
Re: Encrypt and decrypt firebird (or other) databases
« Reply #2 on: April 10, 2016, 01:05:05 pm »
I don't have an answer, but I'm posting my research in case it's useful.

So really, lot of noise here, but no easy solution.  Sorry and Good luck :-)

Thanks for your time, I will investigate your propositions!

Groffy

  • Full Member
  • ***
  • Posts: 159
Re: Encrypt and decrypt firebird (or other) databases
« Reply #3 on: April 10, 2016, 01:57:42 pm »
@teochris:

just to be sure what you have in mind : You are looking for a way to encrypt the data inside the database to avoid that somebody can read the data when accessing the database directly? Or do you want to encrypt the data communication between the client application and the database server? Well both is currently unfortunately not implemented for the Firebird 2.5.x server, but the upcoming version 3.0 (which is already in RC2 state) will offer a plugin interface for encrypting the data communication between server and client which in my eyes is the more important case, because why encrypting data inside the database when using passwords for accessing the database?

In general, off cource your client application can encrypt/decrypt the data while writing/reading the data to/from any database.

Best regards
Linux Mint 18 - KDE / Windows7 / Lazarus 1.6.4 / trunk -qt

Mike.Cornflake

  • Hero Member
  • *****
  • Posts: 1125
Re: Encrypt and decrypt firebird (or other) databases
« Reply #4 on: April 10, 2016, 02:20:56 pm »
Quote
because why encrypting data inside the database when using passwords for accessing the database?

This answer implies that the database is already encrypted.  As it doesn't seem to be, then the answer to your question is "to stop people using file read operations on the database files to snoop on confidential data"
Lazarus Trunk/FPC Trunk on Linux & Windows [7, 8.1]
  Have you tried searching this forum or the wiki?:   http://wiki.lazarus.freepascal.org/Alternative_Main_Page
  BOOKS! (Free and otherwise): http://wiki.lazarus.freepascal.org/Pascal_and_Lazarus_Books_and_Magazines

Groffy

  • Full Member
  • ***
  • Posts: 159
Re: Encrypt and decrypt firebird (or other) databases
« Reply #5 on: April 10, 2016, 02:34:02 pm »
This answer implies that the database is already encrypted.

Accessing secured databases by a user/password combination means that the contents is encrypted?? Sorry, I don't get it. Maybe I didn't understand your reply correctly...(?)

You are right, there might be a reason for encrypting data inside the database for the case that somebody has physical access to the database file itsself and trying to analyse the file contents directly.
Linux Mint 18 - KDE / Windows7 / Lazarus 1.6.4 / trunk -qt

Mike.Cornflake

  • Hero Member
  • *****
  • Posts: 1125
Re: Encrypt and decrypt firebird (or other) databases
« Reply #6 on: April 10, 2016, 02:39:08 pm »
This answer implies that the database is already encrypted.
Accessing secured databases by a user/password combination means that the contents is encrypted?? Sorry, I don't get it. Maybe I didn't understand your reply correctly...(?)

Apologies, I missed a step in my logic.  I said "implies", not "means".  To my way of thinking, your reply that a password is sufficient implied that direct file access to the database files wouldn't reveal anything.
Lazarus Trunk/FPC Trunk on Linux & Windows [7, 8.1]
  Have you tried searching this forum or the wiki?:   http://wiki.lazarus.freepascal.org/Alternative_Main_Page
  BOOKS! (Free and otherwise): http://wiki.lazarus.freepascal.org/Pascal_and_Lazarus_Books_and_Magazines

Groffy

  • Full Member
  • ***
  • Posts: 159
Re: Encrypt and decrypt firebird (or other) databases
« Reply #7 on: April 10, 2016, 02:53:15 pm »
@mike

just read my posting to the op. I used the term "direct access" to the database. That was my mistake and a bit unclear. I meant the access by a database client on the same computer and not reading the physical database binary dump. Well - anyway - the question was how can he do encrypton/decryption and not why and whether it makes sense.


Linux Mint 18 - KDE / Windows7 / Lazarus 1.6.4 / trunk -qt

teochris

  • Jr. Member
  • **
  • Posts: 86
Re: Encrypt and decrypt firebird (or other) databases
« Reply #8 on: April 12, 2016, 12:33:42 pm »
@teochris:

just to be sure what you have in mind : You are looking for a way to encrypt the data inside the database to avoid that somebody can read the data when accessing the database directly? Or do you want to encrypt the data communication between the client application and the database server? Well both is currently unfortunately not implemented for the Firebird 2.5.x server, but the upcoming version 3.0 (which is already in RC2 state) will offer a plugin interface for encrypting the data communication between server and client which in my eyes is the more important case, because why encrypting data inside the database when using passwords for accessing the database?

In general, off cource your client application can encrypt/decrypt the data while writing/reading the data to/from any database.

Best regards


My app uses the database data to offer the app user some statistics - the database is updated regularly so I do not want the users to be able to update themselfs the database. Do i have to encrypt the database data or the data communication between the app and the database. I am afraid I have no idea yet what do I have to do exactly so I can protect my database from being updated by the app users  :'(

vfclists

  • Hero Member
  • *****
  • Posts: 821
    • HowTos Considered Harmful?
Re: Encrypt and decrypt firebird (or other) databases
« Reply #9 on: April 12, 2016, 01:35:12 pm »
You can encrypt the data via OnSetText and OnGetText routines, but you can only query the data in your application if that is good enough for you. This means that querying is only possible after the fields have been unencrypted via the OnSetText and GetText routines.
Windows - Lazarus 1.0.8/FPC 2.6.0
Linux - Lazarus 1.4.4 /FPC 2.6.4

Mike.Cornflake

  • Hero Member
  • *****
  • Posts: 1125
Re: Encrypt and decrypt firebird (or other) databases
« Reply #10 on: April 12, 2016, 02:04:18 pm »
My app uses the database data to offer the app user some statistics - the database is updated regularly so I do not want the users to be able to update themselfs the database. Do i have to encrypt the database data or the data communication between the app and the database. I am afraid I have no idea yet what do I have to do exactly so I can protect my database from being updated by the app users  :'(

Now I'm confused.  What exactly is your requirement?

You make it sound like:  "You want to stop your users using your application to update the database?"

Is this correct?   If so, then simply don't allow the users to make changes in your application.  No need to muck around with encryption.  Set everything to ReadOnly whereever possible (datasets, connections), don't write any commits (and hide the commit option from all DBNavigators).

If your requirement is:  "I don't want the users making a change to my database using a different application", then @Groffy has hit the nail on the head.  Again, you don't need encryption, just password protect your database

EDIT
Based on your original post I assumed your requirement was "I want to encrypt the database". 

Please be very clear in future.
« Last Edit: April 12, 2016, 02:07:24 pm by Mike.Cornflake »
Lazarus Trunk/FPC Trunk on Linux & Windows [7, 8.1]
  Have you tried searching this forum or the wiki?:   http://wiki.lazarus.freepascal.org/Alternative_Main_Page
  BOOKS! (Free and otherwise): http://wiki.lazarus.freepascal.org/Pascal_and_Lazarus_Books_and_Magazines

JD

  • Hero Member
  • *****
  • Posts: 1519
Re: Encrypt and decrypt firebird (or other) databases
« Reply #11 on: April 15, 2016, 12:45:51 pm »
I am afraid I have no idea yet what do I have to do exactly so I can protect my database from being updated by the app users  :'(

Make your database connection READ ONLY. Then no modification of the data is possible. One can only view it!

JD
Windows (10, 7) - Lazarus 1.6.2/FPC 3.0 (also Delphi occasionally)
Linux Mint Cinnamon  - Lazarus 1.4/FPC 2.6.4
Indy 10.6 series; Zeos 7.2.1; SQLite, Firebird, PostgreSQL & MariaDB

teochris

  • Jr. Member
  • **
  • Posts: 86
Re: Encrypt and decrypt firebird (or other) databases
« Reply #12 on: April 17, 2016, 09:42:50 pm »
..., then @Groffy has hit the nail on the head.  Again, you don't need encryption, just password protect your database

If I password protect my database (now it has the default user and password) - if I change these user name and password then nobody would be able to alter my database even if he has access to the .FDB file  ?

 

Recent

Get Lazarus at SourceForge.net. Fast, secure and Free Open Source software downloads Open Hub project report for Lazarus