Home
eNewsletterVolume25Advanced Server Encryption
Secure your Data with Advanced c-tree Server Encryption
c-treeACE database technology offers users the ability to enable Advanced Encryption at run time, through the use of a c-treeACE configuration keyword. FairCom offers developers a choice of using either standard FairCom proprietary file encryption or including other advanced encryption routines, such as AES (Rijndael), Blowfish, or Twofish. Using the c-treeACE SDK, developers can also author in their own proprietary encryption algorithms for advanced needs.
FairCom proprietary file encryption is designed to shield data from casual inspection while maintaining performance. Advanced encryption is designed for increased security, however, realizing a performance penalty for the complex encryption algorithms involved. c-treeACE offers a range of advanced encryption options for the developer, maximizing performance potentials where it is needed most.
FairCom offers many other ways to secure your data and applications as well, including file level passwords, client-server handshake technology, encrypted TCP/IP communications, user, group and file access permissions, and advanced logon control restrictions.
Contact your nearest FairCom office should you require additional information, or have specific needs regarding this powerful c-treeACE feature.
Enable Advanced Encryption
Follow these steps to enable advanced encryption support:
- When Advanced Encryption is enabled, c-treeACE prompts for a master password at server startup. Run the ctcpvf utility to generate an encrypted password for use when launching the Advanced Encryption enabled Server. This will generate the file ctsrvr.pvf.
Note: Developers can use the c-treeACE SDK to replace this prompt with an application-specific method of retrieving the master password.
- To enable Advanced Encryption, place the following keyword in the ctsrvr.cfg configuration file prior to launching:
Important: Advanced Encryption is disabled by default. Any time you change the advanced encryption setting, you should delete the FAIRCOM.FCS file (which contains user and group information) before restarting c-treeACE as user and group information is encrypted for protection as well. All user and group information must be recreated if the FAIRCOM.FCS file is deleted.
Implementing Advanced Encryption
Client implementation of Advanced Encryption is accomplished through the use of the SetEncryption() function. Refer to the c-treeACE Function Reference Guide for details on this function. Refer to the c-treeACE Programmer's Reference Guide for complete details on implementing advanced encryption.
To encrypt files, simply call SetEncryption() before calling the function to create the file. The mod parameter should point to a text string containing one of the constants in the table below (for example., ctENCR to use the default encryption method or ctDES24 to use DES encoding with a 24-byte key. See ctport.h for constants.)
Note: For Advanced Encryption key is unused and keylen should be a non-zero value.
SetEncryption() is only required to create encrypted files. Any standard client can access files encrypted by a c-tree Server configured for advanced file encryption. Encryption and decryption occurs server side, and is not part of the client application.
Example
This example demonstrates full AES32 advanced encryption for a single file:
InitISAM(...)
SetEncryption( (pTEXT)ctAES32, key, (VRLEN) 23)
CreateIFile(..1..)
SetEncryption(NULL, NULL, (VRLEN) 0)
The possible mod values are defined in ctport.h:
Symbolic Constant |
Description |
ctENCR |
FairCom Standard File Encryption - See “Standard File Encryption”. |
ctAES16 ctAES24 ctAES32 |
Advanced Encryption Standard (AES) - Rijndael encryption algorithm implementation based on code made public by the Rijndael web page as an NIST AES finalist. For more information regarding this standard, refer to “Rijndael Web Site (AES Encryption)”. According to the Rijndael web site: “Rijndael is available for free. You can use it for whatever purposes you want, irrespective of whether it is accepted as AES or not." |
ctDES8 ctDES16 ctDES24 |
Data Encryption Standard - DES encryption algorithm based on a description published by Bruce Schneier in “Applied Cryptography 2nd Edition.” (ISBN 0-471-12845-7) |
ctBLF8 through ctBLF56 |
Blowfish encryption algorithm implementation based on code made public by Bruce Schneier of Counterpane Internet Security Inc. For more information regarding this standard, refer to “Blowfish Encryption Web Site”. According to the Counterpane web site about Blowfish: “Blowfish is unpatented and license-free, and is available free for all uses." |
ctTWF16 ctTWF24 ctTWF32 |
Twofish encryption algorithm implementation based on code made public by Counterpane Internet Security Inc, as one of the NIST AES finalist. For more information regarding this standard, refer to “Twofish Encryption Web Site”. According to the Counterpane web site about Twofish: “Twofish is unpatented, and the source code is uncopyrighted and license-free; it is free for all uses." |
Citibank's MTMS-32 application provides secure Internet financial transactions for international corporate operations. The most demanding cash management and commercial transaction requirements for managing international organizations are delivered by FairCom database technology with all the performance and security expected from Citibank. MTMS-32 is designed to protect and secure the vital financial data required by today's multinational corporations.
The MTMS-32 client side application is designed to operate on all 32 bit versions of Windows and Citibank depends on FairCom's portability for the FairCom Windows NT and FairCom Novell NLM Servers for back end processing. Installation projections indicate over 4,000 multinational corporations in Asia will be using FairCom database technology to provide them the mission critical financial operations required in today's global economy.
(831KB PDF)
