8
0
mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-25 05:23:02 +01:00
firebird-mirror/examples/dbcrypt
2018-03-13 20:24:46 +02:00
..
CryptApplication.cpp Backported fix for CORE-5472: Problems with dbcrypt key transfer 2017-03-16 12:17:17 +03:00
cryptDb.pas Fixed examples. 2018-03-13 20:24:46 +02:00
CryptKeyHolder.cpp Fixed examples. 2018-03-13 20:24:46 +02:00
DbCrypt.cpp Fixed examples. 2018-03-13 20:24:46 +02:00
ReadMe.txt Backported fix for CORE-5472: Problems with dbcrypt key transfer 2017-03-16 12:17:17 +03:00

**************************************************************************************
*				All files in this directory are trivial samples.					 *
* They do not perform any real data encryption and should not be used in production! *
**************************************************************************************

Brief description of the sample.

Sample contains 3 components - DbCrypt plugin, KeyHolder plugin and application, which can pass
crypt key to server. Plugins do not perform any real encryption (XOR with single byte hardly can
be treated as encryption though makes database useless without crypt plugin), key is sent between
components in plain form - they just demonstrate what calls in plugins should be done and what
methods should be implemented in order for plugin to start to work.

Depending upon settings in configuration file plugins may use different ways to manage encryption
key. DbCrypt's configuration file may contain following parameters:
Auto - boolean value, when FALSE plugin queries KeyHolder plugin for key value (this is default),
	when TRUE get key value from "Value" configuration parameter.
Value - integer value (lower byte is actually used), used in "Auto" mode as key value (default 90).

CryptKeyHolder's configuration file may contain following parameters:
Auto - boolean value, when FALSE plugin queries client application for key value (this is default),
	when TRUE get key value from configuration file by name or use default (90) for unnamed key.
Key{Name} - integer value, a key with name "Name" (i.e. when one issues "ALTER DATABASE ENCRYPT ...
	KEY Doggy" configuration parameter KeyDoggy should be present).
OnlyOwnKey - boolean value, enables/disables use of a key from another key holder in SuperServer.
	Default value is TRUE (i.e. only key, owned by this KeyHolder, can be used by related
	attachment).

Crypt application has a few parameters making it possible to demonstrate different operations.
-e - Encrypt database (use gstat to monitor crypt progress).
-d - Decrypt database.
-l - Locally execute SELECT statement returning name of currently attached user.
-r - Execute same statement using remote datasource 'localhost:employee'. To make it work
	 user "test" with password "test" should be created in employee database. If employee was
	 encrypted in advance this demonstrates passing database crypt key through the chain of
	 key holders.

cryptDb.pas is a minimum (XOR using fixed key hardcoded in plugin body) sample of database crypt
plugin written on Pascal. Was tested with both FreePascal and Delphi.