Subject Re: [Firebird-Architect] Encryption for embedded server
Author Dmitry Yemanov
"Jim Starkey" <jas@...> wrote:
> But your point about encryption is well taken. My ideas of how security
> plugin should work is that can be chained, and get a crack at file
> opens, page reads, and page writes as well as authentication requests.
> This would let us roll the physical database I/O into a default
> "security plugin". Another plugin could handle page level encryption
> and maybe a third to handle authentication.

Page-level encryption is already available as a part of some Borland
experiments. I've switched the code to PluginManager and fixed some bugs,
now it does work, at least on win32. Just uncomment one line in the FB
sources and you'll be able to specify an encryption key in a DPB parameter.
Then the engine will load /plugins/fbcrypt.dll/.so and use its entrypoints
in the PIO code for a symmetric encryption.

But, with the current key management (required DPB parameter), all tools
(gbak, gfix etc) along with the Services API should be aware of this DPB
parameter and provide command-line interface for that.

> Key management, as usual,
> is a problem that would need to be solved.

This is the reason why this feature was never enabled for public ;-)