4D v14.3ENCRYPT BLOB |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
4D v14.3
ENCRYPT BLOB
ENCRYPT BLOB
The ENCRYPT BLOB command encrypts the content of the toEncrypt BLOB with the sender’s private key sendPrivKey, as well as optionally the recipient’s public key recipPubKey. These keys should be generated by the command GENERATE ENCRYPTION KEYPAIR (within the “Secured Protocol” theme). Note: This command uses the SSL protocol algorithm and encryption features. To be able to use this command, make sure that the components necessary to the SSL protocol are installed properly on your machine — even though you do not want to use SSL for 4D Web server connections. For detailed information on this protocol, please refer to section Using SSL Protocol.
The BLOB containing the keys has a PKCS internal format. This standard cross platform format allows exchanging or handling keys simply by copy-pasting in an Email or a text file. Once the command has been run, the toEncrypt BLOB contains the encrypted data that will be decrypted only with the DECRYPT BLOB command, with the sender’s public key passed as parameter. Encryption principle with public and private keys for message exchange between two people, “Alice” and “Bob”: Note: The cipher contains a checksum functionality in order to avoid any BLOB content modification (deliberately or not). Consequently, an encrypted BLOB should not be modified otherwise it might not be decrypted. Data encryption slows down the execution of your applications, especially if a pair of keys is used. However, you can consider the following optimization tips:
1) The company generates a pair of keys with the command GENERATE ENCRYPTION KEYPAIR: `Method GENERATE_KEYS_TXT 2) The company keeps the private key and sends a copy of the document containing the public key to each subsidiary. For maximum security, the key should be copied on a disk handed over to the subsidiaries. 3) Then the company copies the private information (stored in the text field, for example) in BLOBs which will be encrypted with the private key: `Method ENCRYPT_INFO 4) The update files can be sent to the subsidiaries (though a non-secured channel such as the Internet). If a third person gets hold of the encrypted file, he will not be able to decrypt it without the public key. 5) Each subsidiary can decrypt the document with the public key: `Method DECRYPT_INFO
A company wants to use the Internet to exchange information. Each subsidiary receives private information and also sends information to the corporate office. Consequently there are two requirements: 1) The corporate office and each subsidiary generate their own key pairs (with the GENERATE_KEYS_TXT method). 2) The private key is kept secret by both sides. Each subsidiary sends its public key to the corporate office who, in its turn, sends its public key too. This key transfer does not need to be done through a secured channel as the public key is not enough to decrypt the message. 3) To encrypt the information to send, the subsidiary or the corporate house executes the ENCRYPT_INFO_2 method which uses the sender’s private key and the recipient’s public key to encrypt the information:
`Method ENCRYPT_INFO_2 4) The encrypted file can then be sent to the recipient via the Internet. If a third person gets hold of it, he or she will not be able to decrypt the message, even if he or she has the public keys as the recipient’s private key will also be required. 5) Each recipient can decrypt the document by using his/her own private key and the sender’s public key: `Method DECRYPT_INFO_2 |
PROPERTIES
Product: 4D
HISTORY
Created: 4D v6.7 SEE ALSO
DECRYPT BLOB TAGS Encryption, Public Key, Private key, PKCS, Optimization ARTICLE USAGE
4D Language Reference ( 4D v11 SQL Release 6) |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||