FairCom Corporation
Your Location: USA | Europe | Brazil | Japan

Homebulletgrey.gifeNewsletterbulletgrey.gifVolume25bulletgrey.gifAdvanced Server Encryption

Secure your Data with Advanced c‑tree Server Encryption

c‑treeACE database technology offers users the ability to enable Advanced Encryption at run time, through the use of a c‑treeACE configuration keyword. FairCom offers developers a choice of using either standard FairCom proprietary file encryption or including other advanced encryption routines, such as AES (Rijndael), Blowfish, or Twofish. Using the c‑treeACE SDK, developers can also author in their own proprietary encryption algorithms for advanced needs.

FairCom proprietary file encryption is designed to shield data from casual inspection while maintaining performance. Advanced encryption is designed for increased security, however, realizing a performance penalty for the complex encryption algorithms involved. c‑treeACE offers a range of advanced encryption options for the developer, maximizing performance potentials where it is needed most.

FairCom offers many other ways to secure your data and applications as well, including file level passwords, client-server handshake technology, encrypted TCP/IP communications, user, group and file access permissions, and advanced logon control restrictions.

Contact your nearest FairCom office should you require additional information, or have specific needs regarding this powerful c‑treeACE feature.

Enable Advanced Encryption

Follow these steps to enable advanced encryption support:

  1. When Advanced Encryption is enabled, c‑treeACE prompts for a master password at server startup. Run the ctcpvf utility to generate an encrypted password for use when launching the Advanced Encryption enabled Server. This will generate the file ctsrvr.pvf.

    Note: Developers can use the c‑treeACE SDK to replace this prompt with an application-specific method of retrieving the master password.

  2. To enable Advanced Encryption, place the following keyword in the ctsrvr.cfg configuration file prior to launching:


Important: Advanced Encryption is disabled by default. Any time you change the advanced encryption setting, you should delete the FAIRCOM.FCS file (which contains user and group information) before restarting c‑treeACE as user and group information is encrypted for protection as well. All user and group information must be recreated if the FAIRCOM.FCS file is deleted.

See Also

  • Master Password Verification File Utility - ctcpvf
  • Change Master Password Utility - ctencrypt

Implementing Advanced Encryption

Client implementation of Advanced Encryption is accomplished through the use of the SetEncryption() function on a per file basis. Refer to the c‑treeACE Function Reference Guide for details on this function. Refer to the c‑treeACE Programmer's Reference Guide for complete details on implementing advanced encryption.

See Also

  • Master Password Verification File Utility - ctcpvf
  • Change Master Password Utility - ctencrypt

To encrypt files, simply call SetEncryption() before calling the function to create the file. The mod parameter should point to a text string containing one of the constants in the table below (for example., ctENCR to use the default encryption method or ctDES24 to use DES encoding with a 24-byte key. See ctport.h for constants.)

Note: For Advanced Encryption key is unused and keylen should be a non-zero value.

SetEncryption() is only required to create encrypted files. Any standard client can access files encrypted by a c‑treeACE Server configured for advanced file encryption. Encryption and decryption occurs server side, and is not part of the client application.


This example demonstrates full AES32 advanced encryption for a single file:

SetEncryption( (pTEXT)ctAES32, key, (VRLEN) 23)
SetEncryption(NULL, NULL, (VRLEN) 0)

The possible mod values are defined in ctport.h:

Symbolic Constant



FairCom Data Camouflage - See “Data Camouflage ”.

ctAES16 ctAES24 ctAES32

Advanced Encryption Standard (AES) - Rijndael encryption algorithm implementation based on code made public by the Rijndael web page as an NIST AES finalist. For more information regarding this standard, refer to “Rijndael Web Site (AES Encryption)”. According to the Rijndael web site: “Rijndael is available for free. You can use it for whatever purposes you want, irrespective of whether it is accepted as AES or not."

ctDES8 ctDES16 ctDES24

Data Encryption Standard - DES encryption algorithm based on a description published by Bruce Schneier in “Applied Cryptography 2nd Edition.” (ISBN 0-471-12845-7)

ctBLF8 through ctBLF56

Blowfish encryption algorithm implementation based on code made public by Bruce Schneier of Counterpane Internet Security Inc. For more information regarding this standard, refer to “Blowfish Encryption Web Site”. According to the Counterpane web site about Blowfish: “Blowfish is unpatented and license-free, and is available free for all uses."

ctTWF16 ctTWF24 ctTWF32

Twofish encryption algorithm implementation based on code made public by Counterpane Internet Security Inc, as one of the NIST AES finalist. For more information regarding this standard, refer to “Twofish Encryption Web Site”. According to the Counterpane web site about Twofish: “Twofish is unpatented, and the source code is uncopyrighted and license-free; it is free for all uses."

Computer Associates International, Inc (NYSE: CA) has been developing and supporting software solutions for more than 99% of the Fortune 500® in more than 100 countries for over a quarter century. CA's world-class solutions address all aspects of eBusiness process management, information management, and infrastructure management in six focus areas: enterprise management, security, storage, portal and business intelligence, database management, application life cycle management, and application development. As the world's third largest enterprise software company, CA provides industry-leading integrated solutions through strategic partnerships and powerful brands such as Unicenter®, BrightStor™, eTrust™, CleverPath™, Advantage™, Jasmine® and AllFusion™. With mission-critical software in security and storage, CA provides reliable, quality technology. CA works hard to achieve the highest quality in their solutions to help their customers meet changing business needs. That's why CA became the first and only global enterprise software company to meet the exacting standards for worldwide ISO 9002 certification.

Advantage™ CA-Realia® II Workbench™ provides a mainframe-compatible COBOL development environment on the PC. It uses the power of the PC environment to improve the development and maintenance of COBOL and CICS applications. FairCom's c-tree Plus provides the underlying technology for the runtime file system of Advantage CA-Realia II Workbench. Computer Associates selected FairCom technology for this application because of the strength and flexibility of c-tree Plus and the flexibility of FairCom's business models.

btn_readmoreSm (727KB PDF)

Copyright 2014 FairCom Corporation. All rights reserved.