Get started with encryption in 4D



Product

In a previous blog post, we announced new data encryption tools for your 4D databases. Now it’s time to get our hands dirty and learn more about these tools which were designed to be as automatic as possible. 

Encrypting your 4D data is straightforward: First choose the data to encrypt, then encrypt it via the Maintenance and Security Center (MSC).

Choose the data to encrypt

Be aware that access to encrypted data has an impact on your application’s performance, so it’s highly recommended to carefully choose the data you want to encrypt. 4D encryption is performed at the table level, so it’s a good idea to group sensitive information into targeted tables.

New attribute

A new Encryptable attribute is available for tables in Design Mode. Encryption is not executed here, this sets the encryption status of a table by designating that it can be encrypted. 

Tip to remember: To navigate through tables and check this attribute, you can use the Ctrl + left arrow / Ctrl + right arrow (Windows) or Cmd + left arrow / Cmd + right arrow (macOS) shortcuts.

the NEW MSC ENCRYPT PAGE

Once you’re ready to encrypt your data, the easiest way to do so is via the new Encrypt page in the MSC. To encrypt your data for the first time, simply click on the Encrypt data button. 

blank

 

You’ll then be asked to choose a passphrase

blank

The MSC Encrypt page provides all of the necessary features to monitor your data encryption. You can use this page to encrypt or decrypt the data file, as well as re-encrypt the data file and change your passphrase.

AND ONCE the DATA IS ENCRYPTED …

Here is a list form of an encrypted table where the valid data encryption key was not provided:

blank

As you can see, nothing is displayed.

Once the valid data encryption key is provided, data is automatically decrypted in memory when loaded: 

blank

Providing the valid data encryption key also allows the data to be encrypted on disk during a save action.

providing the data encryption key

When an encrypted data file is opened, 4D automatically looks for a valid data encryption key at the root level on connected devices (flash drive, disk, etc.). If a valid key is found, access is granted to the encrypted data. Several data encryption keys can be saved on a device. This could be useful if you change your passphrase or restore old backups encrypted with old keys. If you use a locked server rack, you could store your data encryption key on a flash drive or other portable device. 

Keep in mind…

4D encryption is very secure since it relies on the data encryption key. No data encryption key, no access to encrypted data. This principle applies to everyone … including you. So don’t forget … you must not lose or forget your data encryption key!

 

Discuss

Tags , , ,

Avatar
- Product Owner - Marie-Sophie Landrieu-Yvert joined the 4D Product team as a Product Owner in 2017. In this role, she is responsible for writing user stories and translating them into functional specifications. She also ensures that the delivered feature implementation meets the customer's needs. Marie-Sophie graduated from the engineering school ESIGELEC and began her career as an engineer at IBM in 1995. She took part in various projects (maintenance and development projects) and worked as a COBOL developer. She then moved on to work as a UML designer and Java developer. More recently, her main responsibilities included analyzing and writing functional requirements, and coordinating business and development teams.