DBEncryption Plugin for Firebird 3.0

See separate https://www.ibexpert.net/ibe/index.php?n=Doc.DBEncryptionPluginFB3 document for detailed info, but also take into account this:

KeyHolder.conf - when placed into server's plugins directory this files works as 'developer mode' switch enabling use of any client utility to work with encrypted databases. It must contain all known keys in form "Key=Value", value's format is sequence of bytes in C-compiler readable form. Current sample has same keys as sample application.

aesKeyGen.exe - trivial utility performing call to random numbers generator and printing result in a format compatible with KeyHolder.conf

rsaKeyGen.exe - this utility is needed if one wants to build set of plugin components with unique pairs of RSA keys used to pass AES keys from client todbcrypt plugin. Run: rsaKeyGen >keysA2H.h rsaKeyGen >keysH2P.h and copy resulting files into crypt/db/lib directory. This ensures that nobody except you has legal access to private keys in that pairs.

sample.exe is an example of fbcrypt API use.

Example how to handle crypt keys with services manager calls is not for production use, just a demo with fixed set of keys!!!.

See also:
DBEncryption Plugin for Firebird 3.0

back to top of page
<<| Firebird Special Edition by IBExpert |>>