Firebird Encryption Plugin Framework
Firebird Encryption Plugin Framework is the fast and easy way to add transparent and strong (AES256, optionally Windows Crypto API, etc) encryption for Firebird databases:
- Pre-built binaries for Firebird 3.0.3+ and Firebird 4.0.x, Windows 32/64 and Linux 32/64.
- Gbak.exe with encryption of databases and backups.
- Decrypt tool for recovery of corrupted encrypted databases (requires FirstAID tool, its license is included in Unlimited license, from version 2021)
- Full sources included
- Unlimited license for redistribution with all business applications of your company
- Detailed examples of the implementation in Delphi, PHP, etc
- (Optional) Implementation support - our engineers will help you to implement and integrate encryption
- (Optional) SQL development tool with the encryption support
- Look how easy you can implement Firebird encryption
Firebird 3.0 has introduced the ability to encrypt databases to protect sensitive data from unauthorized access and prevent direct work with databases: only designated applications should be able to work with encrypted databases.
It also important to keep the ability to work with the encrypted Firebird databases in the trusted environment - i.e., the developer and system administrator should have transparent access to the databases through their favorite development and administrator tools.
To provide a high level of protection, each application should have the custom implementation of encryption, and that's why we have created Firebird Encryption Plugin Framework
– source code and implementation guidance to implement Firebird encryption.
uses AES256 cryptography to encrypt data on the page level (other cryptography methods, as DPAPI, etc, can be easily added). The plugin encrypts only users' data: records, BLOBs, indices keys, sources of stored procedures, and triggers. Firebird system pages (pointer, transactions, etc) are not encrypted to increase performance. Encryption and decryption do not require exclusive access to the database: end-user applications can work with the database while the database is encrypted or decrypted.
How to implement Firebird database encryption
There are 2 phases in the implementation process: database phase and end-user application
1. Database phase
- Copy plugin files (and, if necessary, firebird.conf and KeyHolder.conf) to Firebird folder
- Generate keys - you can generate as many keys as needed (if necessary)
- Encrypt database with the command «alter database encrypt with key KEYNAME» (in isql.exe or in your application)
- Check that gbak, gfix, isql work with the encrypted database.
After this phase the database is encrypted, all users and standard applications are working as usual, without modification: Firebird transparently retrieves keys from KeyHolder.conf.
Some customers can be satisfied with this implementation or amend the plugin (KeyHolder.dll) to retrieve keys from a more secure place than KeyHolder.conf (for example, use DPAPI or other mechanisms).
The protection scheme should be individual, don't hesitate to contact our support to discuss various options.
2. End-user application
For a detailed step-by-step description click here!
- Embed into the end-user application the code to initialize encrypted connection and transfer of keys. There are examples for Delphi, Lazarus, PHP, .NET, Java available (by request).
- Remove KeyHolder.conf from the test server, and restart Firebird
- Test the following
- end-user application is able to work with the encrypted database
- standard Firebird tools and development tools do not have access to the encrypted database
- gbak with encryption support creates encrypted backups
- End-user applications are ready for deployment
The unlimited license allows unlimited redistribution of encryption plugins to third-party organizations, bundled with your business applications. Firebird Encryption Plugin Framework includes full sources for the plugin and implementation technical support for the single application.
If you need consulting/implementation support, please buy the license with included implementation support.
Encryption Plugin Framework requires Firebird 3.0.3+ or Firebird 4.0.x. It supports Windows and Linux, 32bit and 64bit.
To build custom binaries, you will need Visual Studio 2010 - it is the official build machine for Firebird 3, so plugins also should be built with it.
Also, you can use prebuilt binaries.
Please contact us with any questions: [email protected]