FairCom Corporation
Your Location: USA | Europe | Brazil | Japan

Homebulletgrey.gifeNewsletterbulletgrey.gifVolume25bulletgrey.gifAdvanced Server Encryption

Secure your Data with Advanced c‑tree Server Encryption

c‑treeACE database technology offers users the ability to enable Advanced Encryption at run time, through the use of a c‑treeACE configuration keyword. FairCom offers developers a choice of using either standard FairCom proprietary file encryption or including other advanced encryption routines, such as AES (Rijndael), Blowfish, or Twofish. Using the c‑treeACE SDK, developers can also author in their own proprietary encryption algorithms for advanced needs.

FairCom proprietary file encryption is designed to shield data from casual inspection while maintaining performance. Advanced encryption is designed for increased security, however, realizing a performance penalty for the complex encryption algorithms involved. c‑treeACE offers a range of advanced encryption options for the developer, maximizing performance potentials where it is needed most.

FairCom offers many other ways to secure your data and applications as well, including file level passwords, client-server handshake technology, encrypted TCP/IP communications, user, group and file access permissions, and advanced logon control restrictions.

Contact your nearest FairCom office should you require additional information, or have specific needs regarding this powerful c‑treeACE feature.

Enable Advanced Encryption

Follow these steps to enable advanced encryption support:

  1. When Advanced Encryption is enabled, c‑treeACE prompts for a master password at server startup. Run the ctcpvf utility to generate an encrypted password for use when launching the Advanced Encryption enabled Server. This will generate the file ctsrvr.pvf.

    Note: Developers can use the c‑treeACE SDK to replace this prompt with an application-specific method of retrieving the master password.

  2. To enable Advanced Encryption, place the following keyword in the ctsrvr.cfg configuration file prior to launching:


Important: Advanced Encryption is disabled by default. Any time you change the advanced encryption setting, you should delete the FAIRCOM.FCS file (which contains user and group information) before restarting c‑treeACE as user and group information is encrypted for protection as well. All user and group information must be recreated if the FAIRCOM.FCS file is deleted.

See Also

  • Master Password Verification File Utility - ctcpvf
  • Change Master Password Utility - ctencrypt

Implementing Advanced Encryption

Client implementation of Advanced Encryption is accomplished through the use of the SetEncryption() function on a per file basis. Refer to the c‑treeACE Function Reference Guide for details on this function. Refer to the c‑treeACE Programmer's Reference Guide for complete details on implementing advanced encryption.

See Also

  • Master Password Verification File Utility - ctcpvf
  • Change Master Password Utility - ctencrypt

To encrypt files, simply call SetEncryption() before calling the function to create the file. The mod parameter should point to a text string containing one of the constants in the table below (for example., ctENCR to use the default encryption method or ctDES24 to use DES encoding with a 24-byte key. See ctport.h for constants.)

Note: For Advanced Encryption key is unused and keylen should be a non-zero value.

SetEncryption() is only required to create encrypted files. Any standard client can access files encrypted by a c‑treeACE Server configured for advanced file encryption. Encryption and decryption occurs server side, and is not part of the client application.


This example demonstrates full AES32 advanced encryption for a single file:

SetEncryption( (pTEXT)ctAES32, key, (VRLEN) 23)
SetEncryption(NULL, NULL, (VRLEN) 0)

The possible mod values are defined in ctport.h:

Symbolic Constant



FairCom Data Camouflage - See “Data Camouflage ”.

ctAES16 ctAES24 ctAES32

Advanced Encryption Standard (AES) - Rijndael encryption algorithm implementation based on code made public by the Rijndael web page as an NIST AES finalist. For more information regarding this standard, refer to “Rijndael Web Site (AES Encryption)”. According to the Rijndael web site: “Rijndael is available for free. You can use it for whatever purposes you want, irrespective of whether it is accepted as AES or not."

ctDES8 ctDES16 ctDES24

Data Encryption Standard - DES encryption algorithm based on a description published by Bruce Schneier in “Applied Cryptography 2nd Edition.” (ISBN 0-471-12845-7)

ctBLF8 through ctBLF56

Blowfish encryption algorithm implementation based on code made public by Bruce Schneier of Counterpane Internet Security Inc. For more information regarding this standard, refer to “Blowfish Encryption Web Site”. According to the Counterpane web site about Blowfish: “Blowfish is unpatented and license-free, and is available free for all uses."

ctTWF16 ctTWF24 ctTWF32

Twofish encryption algorithm implementation based on code made public by Counterpane Internet Security Inc, as one of the NIST AES finalist. For more information regarding this standard, refer to “Twofish Encryption Web Site”. According to the Counterpane web site about Twofish: “Twofish is unpatented, and the source code is uncopyrighted and license-free; it is free for all uses."

Follett Software Company utilizes FairCom technology as part of their Catalog Plus and Circulation Plus library automation systems. Catalog Plus offers powerful searching of entire library collections including books, periodicals, audio and video files, eBooks, and a host of other media.

Follett's Circulation Plus system is designed to minimize the work associated with circulation and inventory management by automating these tasks. This includes routine circulation tasks that are typically performed by hand such as checking-in and checking-out books, calculating fines, sending overdue notices, and processing renewals. Circulation Plus puts complete inventory control in the hands of the librarian.

The portability and flexibility that has been part of FairCom's reputation for over 20 years have been fundamentally important to FSC. c-tree Plus' native support for multiple platforms, including Windows, Novell Netware, and Apple Macintosh, means that no changes are required in the database code when moving an application to different operating systems. The c-tree Server's heterogeneous networking allows FSC's engineers to implement Catalog Plus and Circulation Plus on different server platforms while supporting clients using any combination of Windows and Mac operating systems. FairCom handles all data conversions between the various operating systems and allows FSC to concentrate on what its customers need from the application and how to deliver it most efficiently.

The c-tree Server's client/server architecture allows FSC to maximize performance since database operations take place on the Server machine, thus reducing network I/O common with other databases. Clients access the server only when requesting data and only the results travel across the network, not the entire data search detail. In addition, FairCom's full-featured transaction processing assures that vital data will be preserved even in the face of a catastrophic failure, such as a machine crash or power failure.

btn_readmoreSm (510KB PDF)

Copyright 2014 FairCom Corporation. All rights reserved.