encrypting dbf files

[jds]

Is there a fivewin function that encrypts dbf files by closing or interupting the fivewin program so that they can not be modified with an external program

[Antonio Linares]

You can use FWH functions Encrypt() and Decrypt() so all info inside the DBF is encrypted.

field->myfield := Encrypt( "value", cPassword )

[James Bott]

Note that when using Encrypt/Decrypt all fields must be character format.

[MarcoBoschi]

Using tables with no memo field I manage them in this way

Code: Select all | Expand

#include "fivewin.ch"
#include "Dbinfo.ch"

FUNCTION MAIN

SELECT 0
USE t090

DBINFO( DBI_PASSWORD, "12345678" )

browse()

RETURN NIL

 

I create a dbf encrypted in this way

Code: Select all | Expand

#include "DbStruct.ch"
#include "Dbinfo.ch"

FUNCTION MAIN( cFileIn, cFileOut, cCodice )
LOCAL aStruct := {}

  // open file to read to obtain structure
  USE &(cFileIn) ALIAS filein
  aStruct := DBSTRUCT()
  USE

  // create encrypted file 
  DBCREATE( cFileOut, aStruct )
  USE &(cFileOut) ALIAS fileout

  DBINFO( DBI_PASSWORD, cCodice )  // cCodice = "12345678" in example

  APPEND FROM &(cFileIn)


RETURN NIL

 

[jds]

What includes are necessary to use encrypt() and decrypt() files please

[HunterEC]

Jds:

(x)Harbour supports three functions to handle encryption / decryption transparently:
1. Sx_DBFencrypt (cPassword) - encrypts all records in database file.
2. Sx_DBFdecrypt () - decrypts all records in database file.
3. Sx_SetPass (cPassword) - set / changes password to be used in the encryption functions.

With the above mentioned suggestions the database fields remains as you designed them (Date, Numerics, Memos, etc.).

The drawback with the Encrypt() and Decrypt() functions is that, as James pointed out correctly, all fields must be character.

Hope this helps.

[jds]

So, if I understood it well, the user has to use a password to encrypt;
So it is not possible that by exiting the program all dbf files can be encrypted so that the user can not modify the dbf files with an external program

[James Bott]

JDS,

So, if I understood it well, the user has to use a password to encrypt;

Of course, it would not be secure if anyone can run the program without logging in. So each authorized user needs to login using a password. The actual password that encrypts/decrypts the databases is the same for all users. It can also be encrypted and stored in an external file. No users need to know what this password is. The admin should be able to change it periodically.

So it is not possible that by exiting the program all dbf files can be encrypted so that the user can not modify the dbf files with an external program

In the above system, the databases are encrypted all the time. The data is only decrypted when in RAM.

I can't see encrypting the databases after the last user exits--this would be slow, impractical, and not secure. The databases would all have to be decrypted and written back to disk while any user was using the program. During this time anyone could copy all the databases (decrypted) to another place. Also, after encrypting the databases all the decrypted copies would have to be securely erased. This system would not be secure at all.

Regards,
James

[HunterEC]

Jds:

Steps on using encryption:
1. You encrypt all tables with a tool that uses the Sx_DBFencrypt (cPassword) function.
2. Your program has the password either hard coded or in an external dbf.
3. Make SURE if you hard coded it to not set it up as a literal, build it as a result of some sort of mathematical function.
4. This way it cannot be retrieved via a binary editor since the compiler cannot "resolve" or pre-process it at compile time.
5. This way DBF are ALWAYS ENCRYPTED.


Hope this helps. I've been using encryption since the old Clipper 5.2e/DOS days (SIx driver).

[James Bott]

Hunter,

1. You encrypt all tables with a tool that uses the Sx_DBFencrypt (cPassword) function.

I assume this is an EXE? Where does one get the EXE or source?

It seems you could also write your own--just open each dbf, read each record, encrypt it and save. Seems simple enough.

Regards,
James

[HunterEC]

James:

You just write a simple program to encrypt tables.

Code: Select all | Expand

#include "Common.ch"
#include "FiveWin.ch"

PROCEDURE Main (cFileName, cPassWord)


    DEFAULT cFileName TO ""
    DEFAULT cPassword TO ""

    IF ! EMPTY(cPassword)
        IF FILE(cFileName)
           USE (cFileName) VIA "DBFCDX" EXCLUSIVE
           Sx_DBFencrypt (cPassword)
           USE
           MsgInfo("File: " + cFileName + " Encrypted")
        ELSE
            MsgInfo("File: " + cFileName + " NOT Found")
    ELSE
         MsgInfo ("Empty Passwords Not Allowed")
    ENDIF
RETURN       
 

[Jack]

Is it possible to encrypt only some fields of a table .

For example, in a People dbf file, i only want to Encrypt Name and Adress .


Thanks

[James Bott]

Jack,

i only want to Encrypt Name and Adress

Why?

Why not just encrypt everything? There is very little speed penalty. If security is an issue, why secure only some of the data?

Regards,
James

[James Bott]

Hunter,

Thanks for the example code.

Do you have any ideas on how we could check to see if a file is already encrypted? I just thought it might be handy to prevent ever encrypting a file twice.

James

[Jeff Barnes]

I use the free ADS encryption. It encrypts the entire file.