Get started with encryption in 4D


In a previous blog post, we announced new data encryption tools for your 4D databases. Now it’s time to get our hands dirty and learn more about these tools, which were designed to be as automatic as possible.

Encrypting your 4D data is straightforward: first choose the data to encrypt, then encrypt it via the Maintenance and Security Center (MSC).

Choose the data to encrypt

Be aware that access to encrypted data has an impact on your application’s performance, so it’s highly recommended to carefully choose the data you want to encrypt. 4D encryption is performed at the table level, so it’s a good idea to group sensitive information into targeted tables.

New attribute

A new Encryptable attribute is available for tables in Design Mode. Setting it does not execute any encryption; it sets the encryption status of a table by designating that it can be encrypted.

Tip to remember: To navigate through tables and check this attribute, you can use the Ctrl + left arrow / Ctrl + right arrow (Windows) or Cmd + left arrow / Cmd + right arrow (macOS) shortcuts.

The new MSC Encrypt page

Once you’re ready to encrypt your data, the easiest way to do so is via the new Encrypt page in the MSC. To encrypt your data for the first time, simply click on the Encrypt data button. 

 

You’ll then be asked to choose a passphrase.

The MSC Encrypt page provides all of the necessary features to monitor your data encryption. You can use this page to encrypt or decrypt the data file, as well as re-encrypt the data file and change your passphrase.

And once the data is encrypted…

Here is a list form of an encrypted table where the valid data encryption key was not provided:

As you can see, nothing is displayed.

Once the valid data encryption key is provided, data is automatically decrypted in memory when loaded: 

Providing the valid data encryption key also allows the data to be encrypted on disk during a save action.

Providing the data encryption key

When an encrypted data file is opened, 4D automatically looks for a valid data encryption key at the root level on connected devices (flash drive, disk, etc.). If a valid key is found, access is granted to the encrypted data. Several data encryption keys can be saved on a device. This could be useful if you change your passphrase or restore old backups encrypted with old keys. If you use a locked server rack, you could store your data encryption key on a flash drive or other portable device. 

Keep in mind…

4D encryption is very secure since it relies on the data encryption key. No data encryption key, no access to encrypted data. This principle applies to everyone … including you. So don’t forget … you must not lose or forget your data encryption key!

 


• Product Owner •

Marie-Sophie Landrieu-Yvert joined the 4D Product team as a Product Owner in 2017. As a Product Owner, she is in charge of writing user stories and then translating them into functional specifications. Her role is also to make sure that the delivered feature implementation meets the customer's needs.

Marie-Sophie graduated from the ESIGELEC Engineering School and began her career as an engineer at IBM in 1995. She participated in various projects (maintenance or build projects) and worked as a Cobol developer. She then worked as a UML designer and Java developer. Most recently, her main roles were analyzing and writing functional requirements and coordinating business and development teams.