|
|
|
Client implementation of Advanced Encryption is accomplished through the use of the SetEncryption() function on a per-file basis.
See Also
FairCom DB File and User Security are available only when using the client/server operational model.
To encrypt files, simply call SetEncryption() before calling the function to create the file. The mod parameter should point to a text string containing one of the constants in the table below (for example., ctENCR to use the default encryption method or ctDES24 to use DES encoding with a 24-byte key. See ctport.h for constants.)
Note: For Advanced Encryption key is unused and keylen should be a non-zero value.
SetEncryption() is only required to create encrypted files. Any standard client can access files encrypted by a FairCom Server configured for advanced file encryption. Encryption and decryption occurs server side, and is not part of the client application.
Example
This example demonstrates full AES32 advanced encryption for a single file:
InitISAM(...)
SetEncryption( (pTEXT)ctAES32, key, (VRLEN) 23)
CreateIFile(..1..)
SetEncryption(NULL, NULL, (VRLEN) 0)
The possible mod values are defined in ctport.h:
Symbolic Constant |
Description |
ctENCR |
Advanced Encryption is not enabled; only the less-secure Data Camouflage is enabled - This mode is strongly discouraged for production systems or any place sensitive data is used. See Advanced File Encryption (Advanced File Encryption, Advanced Encryption). |
ctAES16 ctAES24 ctAES32 |
Advanced Encryption Standard (AES) - Rijndael encryption algorithm implementation based on code made public by the Rijndael web page as an NIST AES finalist. For more information regarding this standard, refer to “Rijndael Web Site (AES Encryption)”. According to the Rijndael web site: “Rijndael is available for free. You can use it for whatever purposes you want, irrespective of whether it is accepted as AES or not." |
ctDES8 ctDES16 ctDES24 |
Data Encryption Standard - DES encryption algorithm based on a description published by Bruce Schneier in “Applied Cryptography 2nd Edition.” (ISBN 0-471-12845-7) |
ctBLF8 through ctBLF56 |
Blowfish encryption algorithm implementation based on code made public by Bruce Schneier of Counterpane Internet Security Inc. For more information regarding this standard, refer to “The Blowfish Encryption Algorithm.” According to the Counterpane web site about Blowfish: “Blowfish is unpatented and license-free, and is available free for all uses." |
ctTWF16 ctTWF24 ctTWF32 |
Twofish encryption algorithm implementation based on code made public by Counterpane Internet Security Inc, as one of the NIST AES finalist. For more information regarding this standard, refer to the “Twofish Website”. According to the Counterpane web site about Twofish: “Twofish is unpatented, and the source code is uncopyrighted and license-free; it is free for all uses." |
Client Operation
When using Advanced File Encryption, SetEncryption() is only required to create encrypted files. Any standard client can access files encrypted by a Custom Server configured for Advanced File Encryption. Encryption and decryption happen behind the scenes, invisible to the client application.
To protect files further, add a file password to each file. Only applications with the file password can open the file. See Security and Encryption (File Security and Encryption, /doc/ctreeplus/FileSecurityandEncryption.htm) for more details.
