Firebird Encryption Plugin Framework

Purchase & Download


  • Firebird Encryption Plugin Framework (Unlimited License) R$ 5999
Firebird Encryption Plugin Framework is the fast and easy way to add transparent and strong (AES256) encryption for Firebird databases:
  • Pre-built binaries for Firebird 3.0.3, Windows 32/64 and Linux 32/64
  • Gbak.exe with encryption of databases and backups.
  • Full sources included
  • Unlimited license for redistribution with all business applications of your company
  • Detailed examples of the implementation in Delphi, PHP, etc
  • Implementation support - our engineers will help you to implement and integrate encryption
  • (Optional) SQL development tool with the encryption support

Firebird Encryption Plugin Framework

Firebird 3.0 has introduced the ability to encrypt databases to protect sensitive data from the unauthorized access and prevent the direct work with the databases: only designated applications should be able to work with encrypted databases. 
Download Firebird Encryption Plugin demo It also important to keep the ability to work with the encrypted Firebird databases in the trusted environment - i.e., developer and system administrator should have transparent access to the databases through their favorite development and administrator tools.
To provide the high level of the protection, each application should have the custom implementation of an encryption, and that's why we have created Firebird Encryption Plugin Framework – source code and implementation guidance to implement Firebird encryption. 
FEPF uses AES256 cryptography to encrypt data on the page level (other cryptography methods can be implemented). The plugin encrypts only users' data: records, BLOBs, indices keys, sources of stored procedures and triggers. Firebird system pages (pointer, transactions, etc) are not encrypted to increase performance. Encryption and decryption do not require an exclusive access to the database: end-user applications can work with the database while the database is encrypted or decrypted.

How to implement Firebird database encryption

There are 2 phases in the implementation process: database phase and end-user application

Database phase

  1. Purchase Firebird Encryption Plugin Framework. It includes sources, complete guidance, examples for end-user applications and implementation support from IBSurgeon engineers.
  2. Copy plugin files (and, if necessary, firebird.conf and KeyHolder.conf) to Firebird folder
  3. Generate keys (if necessary)
  4. Encrypt database with the command «alter database encrypt with key KEYNAME» (in isql.exe or in your application) 
  5. Check that gbak, gfix, isql work with the encrypted database.
More details are in in the "Firebird Encryption Guide".
After this phase the database is encrypted, all user and standard applications are working as usual, without modification, since Firebird retrieves keys from KeyHolder.conf.

Some customers can be satisfied with this implementation or amend plugin (KeyHolder.dll) to retrieve keys from the more secure place than KeyGolder.conf (for example, use DPAPI or other mechanisms).
The protection scheme should be individual, don't hesitate to contact our support to discuss various options.

End-user application

  1. Embed into the end-user application the code to initialize encrypted connection and transfer of keys. 
  2. Remove KeyHolder.conf from the test server, and restart Firebird
  3. Test the following
    • end-user application is able to work with the encrypted database
    • standard Firebird tools and development tools do not have access to the encrypted database
  4. End-user and application are ready for deployment
More details are available in the FEPF user guide. Please contact us with any questions: [email protected]


The unlimited license allows unlimited redistribution of encryption plugins to third-party organizations, bundled with your business applications. Firebird Encryption Plugin Framework includes full sources for the plugin and implementation technical support for the single application.

Technical information.

Encryption Plugin Framework requires Firebird 3.0.3+. It supports Windows and Linux, 32bit and 64bit.