Forum > Database

Encrypt and decrypt firebird (or other) databases

(1/3) > >>

teochris:
Hello,

can someone please tell me what exactly do i have to do (or point to me proper instructions or a clear tutorial) in order to encrypt a firebird database (or other database if similar instructions occur) and how can i decrypt this database in my app so i can use its data!

I can't find clear instructions anywhere for this action!  :'(

Mike.Cornflake:
I don't have an answer, but I'm posting my research in case it's useful.

I suspect you may be out of luck :-(

https://www.google.com/search?q=encrypt+firebird+database

Got me to: http://www.firebirdsql.org/manual/fbmetasecur-solution.html

Which broke the news gently

--- Quote ---Encryption
While Firebird itself provides no built-in encryption features there are some excellent products that do.
--- End quote ---

And then goes on to list a few that may help.  All of which are outside the realms of the developer really.  Really just looks like "encrypt the file system in which you're storing the database file"

See also: http://www.firebirdfaq.org/faq160/

OK, so it looks like you can't encrypt the whole, then what about the parts?

The fifth link from the google search seemed promising
http://forums.devshed.com/firebird-sql-development-61/encrypt-data-column-173759.html

Err, but then it got technical, and I'm out of my depth there, having never used Firebird. 
https://sourceforge.net/projects/rfunc/
https://sourceforge.net/projects/rfunc/files/rfunc%202/2.1.3.1/

I had a quick look at the download, and there's nothing in the provided documentation about either encrypting, or passwords.  So that looks like a dead end.  Unless someone knows this library in more detail?

In all of this though, I note that Firebird supports BLOB fields.  So you can encrypt a block of data to a stream, then stream that to the blob field.  The whole database won't be encrypted, but maybe you don't need the whole...

Related reading:
http://wiki.lazarus.freepascal.org/Secure_programming
http://wiki.lazarus.freepascal.org/DCPcrypt

I then searched this forum for examples on how to encrypt/decrypt to a stream.
http://pascalgeek.blogspot.no/2012/06/encryption-decryption-and-asynchronous.html

Excellent conversation: http://forum.lazarus.freepascal.org/index.php/topic,28050.0.html
Another excellent conversation: http://forum.lazarus.freepascal.org/index.php/topic,24773.0.html

So really, lot of noise here, but no easy solution.  Sorry and Good luck :-)

teochris:

--- Quote from: Mike.Cornflake on April 09, 2016, 02:29:01 pm ---I don't have an answer, but I'm posting my research in case it's useful.

So really, lot of noise here, but no easy solution.  Sorry and Good luck :-)

--- End quote ---

Thanks for your time, I will investigate your propositions!

Groffy:
@teochris:

just to be sure what you have in mind : You are looking for a way to encrypt the data inside the database to avoid that somebody can read the data when accessing the database directly? Or do you want to encrypt the data communication between the client application and the database server? Well both is currently unfortunately not implemented for the Firebird 2.5.x server, but the upcoming version 3.0 (which is already in RC2 state) will offer a plugin interface for encrypting the data communication between server and client which in my eyes is the more important case, because why encrypting data inside the database when using passwords for accessing the database?

In general, off cource your client application can encrypt/decrypt the data while writing/reading the data to/from any database.

Best regards

Mike.Cornflake:

--- Quote ---because why encrypting data inside the database when using passwords for accessing the database?
--- End quote ---

This answer implies that the database is already encrypted.  As it doesn't seem to be, then the answer to your question is "to stop people using file read operations on the database files to snoop on confidential data"

Navigation

[0] Message Index

[#] Next page

Go to full version