Subject Re: Undocumented internal encrypt/decrypt in FB
Author mspencewasunavailable
--- In firebird-support@yahoogroups.com, "Ann W. Harrison"
<aharrison@...> wrote:
>
> eMeL wrote:
> >
> > For a point to start the hunting:
> >
> > - in <FB dir>/include/ibase.h you can see a constant for connect:
> > isc_dpb_encrypt_key, this is to isc_attach_database().
> >
> > In Firebird source you can find it and see what it does ;)
> >
> > Maybe a conditional compilation removes it from FB, like other
> > not well tested features?
> >
>
> If my memory is right, that feature was abandoned when someone
> realized that the problems of key management were much harder
> than the actual encryption/decryption. Without good key
> management, encryption just wastes cycles.
>
>
> Regards,
>
>
> Ann
>

How long ago was it abandoned? Did it work at all? Did subsequent
versions break it? There's a lot of open source crypto stuff that's
come of age in the last couple of years that might make this less
onerous.

ISTM that if you could have FB load a .dll (or .so) to do this then
you could reasonably expect the same .dll (or .so) to provide an
interface to however elegant a solution the author wanted for the
key management.

I was hoping that this was real so that I could use it in the
Embedded case. Even if the means that FB used to find and load the
encryption stuff was by treating it as a UDF, it'd already be in my
address space so my application could deal with the other issues by
making use of additional entry points that need not be declared to
FB.


Michael D. Spence
Mockingbird Data Systems, Inc.