Subject Re: [Firebird-Architect] Re: database encryption
Author Alex Peshkoff
On 11/08/10 18:15, Jim Starkey wrote:
> On 11/8/2010 6:38 AM, Daniel Rail wrote:
>>> I suggest here not to go into details of crypt implementation (what
>>> algorithm, what library, etc.). Instead interfaces needed to support
>>> line & file encryption should be defined.
>> It's all that I'm asking for, is interfaces to be able to define our
>> own line and file encryption.
>>
> I'm afraid that just adding interfaces isn't nearly enough. To do even
> plausible line encryption (out of SSL), you need the following:
>

Certainly, we need to have all of this. An interface alone is definitely
not enough. But as far as I've understood Daniel, an interface is enough
from the user's POV to be able to write a crypt plugin with the crypt
algorithm a particular user needs.

> 1. Creation or maintenance of a public key pair on the server for key
> transmittal.

Suppose this is one more hook on server startup. How the plugin
generates keys (or loads them from disk - for line encryption that is
probably acceptable) is not our problem.

> 5. Hooks in PIO for page encryption

Sorry - maybe we can start with line encryption? :)