Developing a database encryption plugin for Firebird 3.0.9 32 bit version for windows

Mathew Joseph

Jun 7, 2023, 3:24:58 AM
to firebird-devel
Hello everyone

I am trying to develop a database encryption plugin so that I can transparently
encrypt and decrypt a Firebird database using the database encryption plugin

I successfully created a plugin using the sample at

Since the sample only uses Xor encryption I would like to build a plugin using AES encryption

But even after searching for many days on the Internet I have not got any information on how to go about it

Please point me to some sample code that I can use to build an encryption plugin using the AES algorithm

Thanks in advance for any tips

Regards
Mathew

Dimitry Sibiryakov

Jun 7, 2023, 5:55:27 AM
to firebir...@googlegroups.com
Mathew Joseph wrote 07.06.2023 8:05:
> Please point me to some sample code that I can use to build an encryption plugin
> using the AES algorithm

I used this sample to create the plugin for IBPhoenix:
https://www.intel.com/content/dam/develop/external/us/en/documents/aes-wp-2012-09-22-v01.pdf

--
WBR, SD.

Mathew Joseph

Jun 7, 2023, 6:01:59 AM
to firebir...@googlegroups.com
Thanks a lot 
Regards
Mathew 

--
You received this message because you are subscribed to the Google Groups "firebird-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebird-deve...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebird-devel/2e022b10-bbc6-56cb-4901-977e0cf48e6e%40ibphoenix.com.

Jim Starkey

Jun 7, 2023, 10:38:54 AM
to firebir...@googlegroups.com

If you use cipher text stealing (https://en.wikipedia.org/wiki/Ciphertext_stealing), you can keep pre and post encryption message lengths constant for all messages over the cipher block size.  Basically eliminates any advantage of stream ciphers.  For security, you should also do cipher block chaining.

Probably the best source for AES code using the crypto instructions is at  https://www.intel.com/content/dam/doc/white-paper/advanced-encryption-standard-new-instructions-set-paper.pdf

You will probably need a conventional C version as well.  I use the Botan AES code as a good combination of performance and license.

--
Jim Starkey, AmorphousDB, LLC

Ertan Küçükoglu

Jun 10, 2023, 2:20:26 AM
to firebird-devel
Hi,

Reading sample codes, I wonder if "length" variable in encrypt/decrypt calls for IDbCryptPluginImpl is fixed or if it is a multiple of 16 which AES works.

I am referring to below lines in https://github.com/FirebirdSQL/firebird/blob/master/examples/dbcrypt/cryptDb.pas

    // TCryptPlugin implementation
    procedure encrypt(status: IStatus; length: Cardinal; src, dst: Pointer); override;
    procedure decrypt(status: IStatus; length: Cardinal; src, dst: Pointer); override;

Thanks & Regards,
Ertan

On Wednesday, June 7, 2023 at 17:38:54 UTC+3, Jim Starkey wrote:

Dimitry Sibiryakov

Jun 10, 2023, 4:50:04 AM
to firebir...@googlegroups.com
Ertan Küçükoglu wrote 09.06.2023 23:01:
> Reading sample codes, I wonder if "length" variable in encrypt/decrypt calls for
> IDbCryptPluginImpl is fixed or if it is a multiple of 16 which AES works.

It is either DB page size minus page header (which is 16 bytes by chance) or
16 bytes DB header signature.

--
WBR, SD.
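
The length-preserving mode suggested earlier in the thread (cipher block chaining with ciphertext stealing), written in C as an added example that is not part of any post here or of Firebird's code. `cts_encrypt`, `cts_decrypt` and the caller-supplied IV are hypothetical, and `blk_enc`/`blk_dec` are a constructed, insecure stand-in for real AES block calls; a length that is a multiple of 16 takes the plain CBC path, and any longer length with a partial final block is stolen from the previous block.

```c
#include <stdint.h>
#include <string.h>
#define BS 16 /* AES block size in bytes */

/* Constructed stand-in block cipher so this runs without a crypto library.
   It is NOT secure: replace blk_enc/blk_dec with real AES block calls. */
static void blk_enc(const uint8_t *k, uint8_t *b) {
    for (int i = 0; i < BS; i++) b[i] = (uint8_t)((b[i] ^ k[i]) + 7 * i + 1);
}
static void blk_dec(const uint8_t *k, uint8_t *b) {
    for (int i = 0; i < BS; i++) b[i] = (uint8_t)(b[i] - (7 * i + 1)) ^ k[i];
}
static void xor_n(uint8_t *d, const uint8_t *s, size_t n) {
    for (size_t i = 0; i < n; i++) d[i] ^= s[i];
}

/* CBC-encrypt buf[0..len) in place; output is exactly len bytes (len >= BS). */
int cts_encrypt(const uint8_t *k, const uint8_t *iv, uint8_t *buf, size_t len) {
    size_t m = len % BS, full = len - m;
    uint8_t e[BS];
    if (len < BS) return -1;                    /* needs one whole block */
    memcpy(e, iv, BS);
    for (size_t o = 0; o < full; o += BS) {     /* plain CBC over whole blocks */
        xor_n(e, buf + o, BS);
        blk_enc(k, e);
        memcpy(buf + o, e, BS);
    }
    if (m) {                                    /* partial final block: steal */
        xor_n(e, buf + full, m);                /* E xor (P_n zero-padded) */
        memcpy(buf + full, buf + full - BS, m); /* short block = head of E */
        blk_enc(k, e);
        memcpy(buf + full - BS, e, BS);         /* full block goes before it */
    }
    return 0;
}

int cts_decrypt(const uint8_t *k, const uint8_t *iv, uint8_t *buf, size_t len) {
    size_t m = len % BS, full = len - m;
    if (len < BS) return -1;
    if (m) {                                    /* undo the steal first */
        blk_dec(k, buf + full - BS);            /* D = E xor (P_n zero-padded) */
        xor_n(buf + full, buf + full - BS, m);  /* tail becomes P_n */
        xor_n(buf + full - BS, buf + full, m);  /* block becomes E again */
    }
    for (size_t o = full; o >= BS; o -= BS) {   /* CBC, last block first */
        blk_dec(k, buf + o - BS);
        xor_n(buf + o - BS, o > BS ? buf + o - 2 * BS : iv, BS);
    }
    return 0;
}
```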