Subject RE: [ib-support] crypted data
>-- Messaggio originale --
>From: "duilio_fos <irel_llc@...>" <irel_llc@...>
>Date: Fri, 31 Jan 2003 21:19:31 -0000
>Subject: [ib-support] crypted data
>can database data be crypted so that even the system administrator
>cannot read it ?


Yes you can.

This feature is not apparently built-in in IB or FB, yet that
doesn't mean it can't be done.
You can, for example, using LockBox from Turbo Power which is
now open-sourced, generate a key pair that you will encrypt
in your database with your Public Key.
Then you'll use the generated public key to encrypt your
sensitive data and will transfer the private key( which is
encrypted with YOUR personal public key ) onto your client.
You will thus be able to use it( since you can decrypt it ) to
view and change the data.

The main drawback of this system is that you'll presumably
have to use blob fields which( among other things ) cannot
even be searched since they're encrypted.

But again, if you really need security that may be an option.

To ease search, however, you can also use special tables
where data is stored in a hashed way and search in that

This, though, has the drawback of data redundance.

The only "plain" way I can see for this is to implement
the feature directly in your RDBMS of choice.
It may not be easy, but I haven't examined the sources.

For further inquiries about this, please refer to my
personal email address, so that - among the other things -
we can speak Italian( since I'm Italian as well ).

>He (the internet provider) must have sysadm privileges as he will
>take care of local backups.

Without the right private key, your data are unreadable.


You welcome :)

>Duilio Foschi