--- In Firebird-Architect@yahoogroups.com, Dimitry Sibiryakov <sd@...> wrote:

>
> 05.11.2010 15:12, ettotev wrote:
> > Well, all I'm actually asking for is a clearly defined and documented interface for the disk encryption plug-in.
>
> Interface: DLL named fbcrypt.dll (libfbcrypt.so) with two functions called "encrypt" and
> "decrypt". Both functions have the same declaration:
>
> int (*crypt_routine) (const char* key, void* in_buffer, int size, void* out_buffer);
>
> All they need to do is somehow transform data from in_buffer of size "size" into
> out_buffer of the same size.
>
> Is this definition clear enough?
>
> > I remember reading about the "current solution" some time ago, but can't find it again. Could someone please point me to some documentation?
>
> Sources is the only documentation, unfortunately. Fortunately, encryption plugin
> interface is much simpler than any other plugin (intl or external routines) interface.
>
> --
> SY, SD.
>

Well, it is quite clear, though far from good. Can I try it - is this really enabled in the official releases? Where exactly should I be looking in the sources?

If I were to propose a similar interface, I would start with the assumption that the engine need not (actually, must not) know the encryption key. The plug-in should provide the key - read it from a file, get it from the network, via https, whatever. I would add one more call from the engine to initialize the plug-in and determine the key, passing some information like user name, password or password hash. And maybe add database name to all these functions so that there could be a different key by database.
Unfortunately I do not know C/C++ to try to implement it :-)

Emil