4D v14.3

GENERATE ENCRYPTION KEYPAIR

Home

 
4D v14.3
GENERATE ENCRYPTION KEYPAIR

GENERATE ENCRYPTION KEYPAIR 


 

GENERATE ENCRYPTION KEYPAIR ( privKey ; pubKey {; length} ) 
Parameter Type   Description
privKey  BLOB in BLOB to contain the private key
pubKey  BLOB in BLOB to contain the public key
length  Longint in Key length (bits) [386...2048] Default value = 512

The GENERATE ENCRYPTION KEYPAIR command generates a new pair of RSA keys. The security system offered in 4D is based on keys designed to encrypt/decrypt information. They can be used within the SSL protocol, with 4D Web server (encryption and secured communications) and in all databases (for data encryption).

Once the command has been executed, the BLOBs passed in privKey and pubKey parameters contain a new pair of encryption keys.

The optional parameter length can be used to set the key size (in bits). The larger the key, the more difficult it is to break the encryption code.

However, large keys require longer execution or reply time, especially within a SSL connection.

By default (if the length parameter is omitted), the generated key size is set to 512 bits, which is a good compromise for the security/efficiency ratio. To increase the security factor, you can change keys more often, for example every six months.You can generate 2048 bits keys to increase the encryption security but the Web application connections will be slowed down.

This command will generate keys in PKCS format encoded in base64, which means that their content can be copied/pasted in an email without any change. Once the pair of keys has been generated, a text document in PEM format can be produced (using the BLOB TO DOCUMENT command for example) and the keys can be stored in a safe place.

Warning: The private key should always be kept secret.

The RSA cipher used by GENERATE ENCRYPTION KEYPAIR is based on a double key encryption system: a private key and a public key. As indicated by its name, the public key can be given to a third person and used to decrypt information. The public key is matched with a unique private key, used to encrypt the information. Thus, the private key is used for encryption; the public key for decryption (or vice versa). The information encrypted with one key can only be decrypted with the other one.

The SSL protocol encryption functionalities are based on this principle, the public key being included in the certificate sent to the browsers (for more information, see the section Using SSL Protocol).

This encryption mode is also used by the first syntax of the ENCRYPT BLOB and DECRYPT BLOB commands. The public key should be confidentially published.

It is possible to mix the public and private keys from two persons to encrypt information so that the recipient is the only person to be able to decrypt them and the sender is the only person to have encrypted them. This principle is given by the two commands ENCRYPT BLOB and DECRYPT BLOB second syntax.

Example  

See example for command ENCRYPT BLOB.

 
PROPERTIES 

Product: 4D
Theme: Secured Protocol
Number: 688

 
HISTORY 

Created: 4D v6.7

 
SEE ALSO 

DECRYPT BLOB
ENCRYPT BLOB
GENERATE CERTIFICATE REQUEST

 
TAGS 

SSL

 
ARTICLE USAGE

4D Language Reference ( 4D v12.4)
4D Language Reference ( 4D v14 R2)
4D Language Reference ( 4D v13.5)
4D Language Reference ( 4D v14 R3)
4D Language Reference ( 4D v14.3)
4D Language Reference ( 4D v14 R4)

Parent of : GENERATE ENCRYPTION KEYPAIR ( 4D v11 SQL Release 6)