FairCom Corporation

Secure your Data with Advanced c‑tree Server Encryption

c‑treeACE database technology lets users enable Advanced Encryption at run time through a c‑treeACE configuration keyword. FairCom offers developers a choice of using either standard FairCom proprietary file encryption or other advanced encryption routines, such as AES (Rijndael), Blowfish, or Twofish. Using the c‑treeACE SDK, developers can also add their own proprietary encryption algorithms for advanced needs.

FairCom proprietary file encryption is designed to shield data from casual inspection while maintaining performance. Advanced encryption is designed for increased security, at the cost of a performance penalty from the more complex encryption algorithms involved. c‑treeACE offers a range of advanced encryption options so that the developer can maximize performance where it is needed most.

FairCom offers many other ways to secure your data and applications as well, including file level passwords, client-server handshake technology, encrypted TCP/IP communications, user, group and file access permissions, and advanced logon control restrictions.

Contact your nearest FairCom office should you require additional information, or have specific needs regarding this powerful c‑treeACE feature.

Enable Advanced Encryption

Follow these steps to enable advanced encryption support:

  1. When Advanced Encryption is enabled, c‑treeACE prompts for a master password at server startup. Run the ctcpvf utility to generate an encrypted password for use when launching the Advanced Encryption enabled Server. This will generate the file ctsrvr.pvf.

    Note: Developers can use the c‑treeACE SDK to replace this prompt with an application-specific method of retrieving the master password.

  2. To enable Advanced Encryption, place the following keyword in the ctsrvr.cfg configuration file prior to launching:

    ADVANCED_ENCRYPTION YES

Important: Advanced Encryption is disabled by default. Any time you change the advanced encryption setting, you should delete the FAIRCOM.FCS file (which contains user and group information) before restarting c‑treeACE as user and group information is encrypted for protection as well. All user and group information must be recreated if the FAIRCOM.FCS file is deleted.
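A pre-launch check for the two steps and the FAIRCOM.FCS caveat above. This is an added example, not FairCom code. It assumes ctsrvr.pvf and FAIRCOM.FCS sit beside ctsrvr.cfg, that ';' starts a comment in ctsrvr.cfg, and that the operator supplies the previous setting through the hypothetical previously_enabled parameter.

```python
import os
import stat
import tempfile

def advanced_encryption_enabled(cfg_text):
    """True only if ctsrvr.cfg carries ADVANCED_ENCRYPTION YES (disabled by default)."""
    enabled = False
    for raw in cfg_text.splitlines():
        # Assumption: ';' starts a comment; keyword match is case-insensitive.
        words = raw.split(";", 1)[0].split()
        if len(words) >= 2 and words[0].upper() == "ADVANCED_ENCRYPTION":
            enabled = words[1].upper() == "YES"  # assumption: last occurrence wins
    return enabled

def prelaunch_findings(server_dir, previously_enabled):
    """Check a server directory against the enable steps before launching c-treeACE."""
    findings = []
    with open(os.path.join(server_dir, "ctsrvr.cfg")) as fh:
        enabled = advanced_encryption_enabled(fh.read())
    pvf = os.path.join(server_dir, "ctsrvr.pvf")   # assumption: kept beside ctsrvr.cfg
    fcs = os.path.join(server_dir, "FAIRCOM.FCS")
    if enabled and not os.path.isfile(pvf):
        findings.append("ctsrvr.pvf missing: run ctcpvf before launching")
    elif enabled and stat.S_IMODE(os.stat(pvf).st_mode) & 0o077:
        # Hardening choice of this example (POSIX only), not a FairCom requirement.
        findings.append("ctsrvr.pvf is accessible to group/other")
    if enabled != previously_enabled and os.path.isfile(fcs):
        findings.append("setting changed but FAIRCOM.FCS still present: "
                        "delete it and recreate users and groups")
    return findings

def demo():
    """Constructed server directory: encryption newly enabled, step 1 skipped."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "ctsrvr.cfg"), "w") as fh:
            fh.write("; constructed sample\nADVANCED_ENCRYPTION YES\n")
        open(os.path.join(d, "FAIRCOM.FCS"), "w").close()
        return prelaunch_findings(d, previously_enabled=False)

if __name__ == "__main__":
    for finding in demo():
        print("FINDING:", finding)
```

An empty result means the directory matches the procedure; the permission check is meaningful only on POSIX file systems.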

See Also

  • Master Password Verification File Utility - ctcpvf
  • Change Master Password Utility - ctencrypt

Implementing Advanced Encryption

Client implementation of Advanced Encryption is accomplished through the use of the SetEncryption() function on a per file basis. Refer to the c‑treeACE Function Reference Guide for details on this function. Refer to the c‑treeACE Programmer's Reference Guide for complete details on implementing advanced encryption.

To encrypt files, simply call SetEncryption() before calling the function to create the file. The mod parameter should point to a text string containing one of the constants in the table below (for example, ctENCR to use the default encryption method, or ctDES24 to use DES encoding with a 24-byte key). See ctport.h for the constants.

Note: For Advanced Encryption, key is unused and keylen should be a non-zero value.

SetEncryption() is only required to create encrypted files. Any standard client can access files encrypted by a c‑treeACE Server configured for advanced file encryption. Encryption and decryption occur server side and are not part of the client application.

Example

This example demonstrates full AES32 advanced encryption for a single file:

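InitISAM(...);
SetEncryption((pTEXT)ctAES32, key, (VRLEN) 23);  /* key is unused for Advanced Encryption; keylen must be non-zero */
CreateIFile(..1..);                              /* the file created here is encrypted with AES32 */
SetEncryption(NULL, NULL, (VRLEN) 0);            /* stop encrypting files created after this point */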

The possible mod values are defined in ctport.h:

| Symbolic Constant | Description |
| --- | --- |
| ctENCR | FairCom Data Camouflage - See “Data Camouflage”. |
| ctAES16, ctAES24, ctAES32 | Advanced Encryption Standard (AES) - Rijndael encryption algorithm implementation based on code made public by the Rijndael web page as an NIST AES finalist. For more information regarding this standard, refer to “Rijndael Web Site (AES Encryption)”. According to the Rijndael web site: “Rijndael is available for free. You can use it for whatever purposes you want, irrespective of whether it is accepted as AES or not.” |
| ctDES8, ctDES16, ctDES24 | Data Encryption Standard - DES encryption algorithm based on a description published by Bruce Schneier in “Applied Cryptography 2nd Edition” (ISBN 0-471-12845-7). |
| ctBLF8 through ctBLF56 | Blowfish encryption algorithm implementation based on code made public by Bruce Schneier of Counterpane Internet Security Inc. For more information regarding this standard, refer to “Blowfish Encryption Web Site”. According to the Counterpane web site about Blowfish: “Blowfish is unpatented and license-free, and is available free for all uses.” |
| ctTWF16, ctTWF24, ctTWF32 | Twofish encryption algorithm implementation based on code made public by Counterpane Internet Security Inc, as one of the NIST AES finalists. For more information regarding this standard, refer to “Twofish Encryption Web Site”. According to the Counterpane web site about Twofish: “Twofish is unpatented, and the source code is uncopyrighted and license-free; it is free for all uses.” |

Copyright 2014 FairCom Corporation. All rights reserved.