> I think the best is to keep the private key near database server
> (firebird crypto folder)
> and public key in the application folder and secured

I think you understand, that server needs both keys to run. One will be
used to encrypt the new pages for UPDATEs, other to decrypt the pages
for SELECTs.

Forget it. Unless your application checks the integrity of the
fbembed.dll, you cannot secure the thing - I will be able to create my
version of fbembed.dll, replace the used one and dump both keys to the
file. Not speaking that PKI is significantly slower than symmetric
algorithms.


Roman