Support in gbak for encrypted databases

The idea is to let gbak pass a key to the server using a slightly modified crypt holder plugin. The key holder plugin loads the key from the KeyHolder.conf file and then sends it to the server. By default, the same key (and, of course, the same crypt plugin) is used to encrypt the output .fbk file. You can change the plugin or the key, create an encrypted backup of a non-encrypted database, and create an encrypted database from a non-encrypted backup. What cannot be done, by design, is creating non-encrypted output (database or backup) from encrypted input. This restriction exists to avoid security-related errors.

Internal ZIP compression has also been added. It is needed because an encrypted .fbk file is completely incompressible. The simplest way to get a backup:

 gbak -b -user sysdba -pas masterkey -keyh KeyHolder -zip host:/mnt/db/crypt.fdb eback.fbk
 gbak -c -user sysdba -pas masterkey -keyh KeyHolder eback.fbk host:/mnt/db/blue.fdb

In these samples, the names of the key and the crypt plugin are determined automatically from the database or the backup file, respectively. To set them manually, see gbak's online help on switches. For this to work, the KeyHolder and DbCrypt plugins must be present on the client side.
