home *** CD-ROM | disk | FTP | other *** search
- Tech Chapter 4 - Encryption MetalBase 5.1
- -------------------------------------------------------------------------------
-
- NOTE: This information is provided for the database administrator only, and
- is sufficient to decode the (rather simple) encryption method. If you
- are going to be encrypting sensitive data, you should delete or change
- the permissions on this file.
-
- Encryption is apparently working for all machines now--however, this has always
- been the hardest part to port between machines. If necessary (or if you
- simply want to), compile the library (and vr.c/whatever) with -DNO_ENCRYPT,
- and it'll be turned off entirely. Please contact me (see the chapter on
- technical support in the ../DOX directory) if encryption does not work on
- your machine, so I can fix the problem.
-
- -------------------------------------------------------------------------------
-
- When encryption is active in a relation, the following operations take place
- at any necessary time:
-
- - All records to be written are encrypted on a field-by-field basis before
- the write takes place
- - Records being compared during an internal search are decrypted before
- being compared
- - Records being read for return to the user are decrypted after being read
-
- In this way, as long as mb_inc() is always called with the same key, programs
- will never see any effect of encryption--records passed to MetalBase
- routines are not encrypted by the user, and records returned from these
- routines are already decrypted. However, the relation's data will be
- unintelligible if viewed using either an external file display utility or
- MetalBase routines which have not passed the proper key to mb_inc().
-
-
- When the user specifies a string as an encryption key for mb_inc(), the string
- is hashed to return an integer; that integer is cast to a character and the
- bits scrambled to obtain a single-character starting mask. If a non-NULL
- string is passed in, the starting mask is guaranteed to never be zero... it
- is this mask which is stored in the relation, and verified before mb_inc()
- will proceed. This mask is also stored in the relation data structure
- returned to the process which calls mb_inc(); if the user calls mb_inc()
- with "" or NULL, 0 is stored in both places.
-
- If this key is 0, no encryption will take place for that session (note that
- already-encrypted information will not be decrypted without the proper
- key--passing 0 is simply an alternative to encrypting the relation in the
- first place).
-
- When a record is encrypted or decrypted, each field is handled individually.
- This is because MB 4.0 originally used a memoried encryption method; i.e.,
- a byte's mask was dependent on the value of the byte before it. Portability
- problems with uchars forced a change to it before the original 4.0 release,
- but the style is still the same. In the interests of speed, it is necessary
- to decrypt only indexed fields during an internal search; thus, each field
- must be a starting point for the algorithm.
-
- To encrypt a field consisting of N bytes (be they for longs, strings, or
- whatever):
-
- if ((mask = relation.mask) != 0) // set by MetalBase during mb_inc()
- {
- for (i = 0; i < N; i++)
- {
- data[i] ^= mask;
- mask = (mask+1) & (int)0xFF;
- }
- }
-
- Decryption uses the exact same routine. Note that field types T_MCHAR and
- T_MBYTE are not encrypted, as the sensitive information isn't stored at
- that point. Instead, it is expected that the compression algorithm used
- will sufficiently hide the relevant text; see the chapter on Compression
- for a more detailed explanation of the scheme used.
-
-
