Subject RE: [ib-support] crypted data
Author Paul Vinkenoog
Hello Andrew,

> >can database data be crypted so that even the system administrator
> >cannot read it ?
> Yes you can.
> This feature is not apparently built-in in IB or FB, yet that
> doesn't mean it can't be done.
> You can, for example, using LockBox from Turbo Power which is
> now open-sourced, generate a key pair that you will encrypt
> in your database with your Public Key.
> Then you'll use the generated public key to encrypt your
> sensitive data and will transfer the private key( which is
> encrypted with YOUR personal public key ) onto your client.
> You will thus be able to use it( since you can decrypt it ) to
> view and change the data.

But bear in mind that a public key system implies a lot of overhead
and needs far longer keys than a single key system. The advantages of
public key systems are that:
a) the reader doesn't need the writer's secret key to read the data;
b) you can distribute public keys across insecure channels.

If the instance (i.e. a person, a group, or a program) who reads the
data is the same as the one who writes it, a single key system is
smaller, faster and a lot easier to implement and maintain.

Paul Vinkenoog