In a previous blog post, we announced new data encryption tools for your 4D databases. Now it’s time to get our hands dirty and learn more about these tools, which were designed to be as automatic as possible.
Encrypting your 4D data is straightforward: first choose the data to encrypt, then encrypt it via the Maintenance and Security Center (MSC).
Choose the data to encrypt
Be aware that access to encrypted data has an impact on your application’s performance, so it’s highly recommended to carefully choose the data you want to encrypt. 4D encryption is performed at the table level, so it’s a good idea to group sensitive information into targeted tables.
New attribute
A new Encryptable attribute is available for tables in Design Mode. Setting it does not perform any encryption; it only sets the encryption status of a table by designating that it can be encrypted.
Tip to remember: To navigate through tables and check this attribute, you can use the Ctrl + left arrow / Ctrl + right arrow (Windows) or Cmd + left arrow / Cmd + right arrow (macOS) shortcuts.
The new MSC Encrypt page
Once you’re ready to encrypt your data, the easiest way to do so is via the new Encrypt page in the MSC. To encrypt your data for the first time, simply click on the Encrypt data button.
You’ll then be asked to choose a passphrase.
The MSC Encrypt page provides all of the necessary features to monitor your data encryption. You can use this page to encrypt or decrypt the data file, as well as re-encrypt the data file and change your passphrase.
And once the data is encrypted …
Here is a list form of an encrypted table where the valid data encryption key was not provided:
As you can see, nothing is displayed.
Once the valid data encryption key is provided, data is automatically decrypted in memory when loaded:
Providing the valid data encryption key also allows the data to be encrypted on disk during a save action.
Providing the data encryption key
When an encrypted data file is opened, 4D automatically looks for a valid data encryption key at the root level on connected devices (flash drive, disk, etc.). If a valid key is found, access is granted to the encrypted data. Several data encryption keys can be saved on a device. This could be useful if you change your passphrase or restore old backups encrypted with old keys. If you use a locked server rack, you could store your data encryption key on a flash drive or other portable device.
Keep in mind…
4D encryption is very secure since it relies on the data encryption key. No data encryption key, no access to encrypted data. This principle applies to everyone … including you. So don’t forget … you must not lose or forget your data encryption key!