In a previous post, we discussed how to get started with data file encryption. Now we’re going to discuss an additional way to work with encrypted data files: new 4D commands. These commands are designed to cover most encryption requirements and let you deliver an encrypted solution to your customers.
HDI: Example of data encryption commands
Encrypting a data file
In addition to the MSC, you can manage encryption with the Encrypt data file() command:
C_TEXT($folder;$passphrase)
$passphrase:=Request("Enter the passphrase")
If (OK=1)
  $folder:=Encrypt data file("Macintosh HD:Users:structures:myDataBase.4DB";\
    "Macintosh HD:Users:data:myData.4DD";$passphrase)  // myData.4DD is not opened
End if
Providing the data encryption key via the language
In addition to 4D’s automatic data encryption key detection, the new provideDataKey() command is available in the ds object to provide the data encryption key to an opened data file. This is useful when building your own user interface to control access to your encrypted data.
While ds is an ORDA feature, the provideDataKey() command is valid for both ORDA and classic 4D code.
C_OBJECT($keyStatus)
C_TEXT($passphrase)
$passphrase:=Request("Enter the passphrase")
If (OK=1)
  $keyStatus:=ds.provideDataKey($passphrase)
  If ($keyStatus.success)
    ALERT("You have provided a valid encryption key")
  Else
    ALERT("You have provided an invalid encryption key. Access to encrypted data is denied.")
  End if
End if
Getting the encryption status
The new encryptionStatus() command is also available in the ds object. It checks whether or not the opened data file is encrypted and if a valid data encryption key has been provided.
C_OBJECT($status)
$status:=ds.encryptionStatus()
Case of
  : (Not($status.isEncrypted))
    ALERT("Data is not encrypted")
  : (($status.isEncrypted) & (Not($status.keyProvided)))
    ALERT("Data is encrypted and you have not provided a valid encryption key. Access to encrypted data is denied.")
  : (($status.isEncrypted) & ($status.keyProvided))
    ALERT("Data is encrypted and the encryption key has already been provided. Access is granted to encrypted data.")
End case
Other commands
Unopened data file status
The Data file encryption status() command returns the encryption status of a specified, unopened data file. This allows you to verify the encryption status of a data file before opening it.
New data key()
The New data key() command generates a binary data encryption key from a given passphrase. Since 4D automatically searches the connected devices for a valid data encryption key when a data file is opened, this command lets you generate your own binary data encryption key, which you can then write to a file on such a device.
Discover data key()
If you forget to connect the device containing your data encryption key before opening a data file, you can use the Discover data key() command to provide the key.
Register data key()
To avoid providing the data encryption key each time you open a data file, you can use the Register data key() command to add it to the 4D keychain.
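As an added example (not from this post or the HDI), the following method ties the commands of this section together: it inspects an unopened data file, derives a binary key from a passphrase, saves that key to a file on a removable device, and registers it in the 4D keychain. The paths are placeholders, and the property names isEncrypted, keyProvided and success on the returned objects are assumptions drawn from the 4D documentation.

```4d
// Added example: prepare a data encryption key before a data file is opened.
// Assumptions: placeholder paths; the returned objects expose
// $status.isEncrypted, $status.keyProvided and $result.success.
C_TEXT($dataPath;$passphrase;$keyPath)
C_OBJECT($status;$key;$result)

$dataPath:="Macintosh HD:Users:data:myData.4DD"  // placeholder, file is not opened
$keyPath:="/Volumes/USBKEY/myData.key"  // placeholder: a device the user controls

// 1. Check the closed data file without opening it
$status:=Data file encryption status($dataPath)
Case of
  : (Not($status.isEncrypted))
    ALERT("This data file is not encrypted; no key is needed.")
  : ($status.keyProvided)
    ALERT("A valid key for this data file is already available.")
  Else
    // 2. Derive the binary key from a passphrase entered by the user
    $passphrase:=Request("Enter the passphrase")
    If (OK=1)
      $key:=New data key($passphrase)
      // 3. Keep the key on the removable device, never next to the data file
      File($keyPath; fk posix path).setText(JSON Stringify($key))
      // 4. Register the key so 4D finds it automatically on later openings
      $result:=Register data key($key)
      If ($result.success)
        ALERT("Key registered in the 4D keychain.")
      Else
        ALERT("Registering the key failed: "+JSON Stringify($result))
      End if
    End if
End case
```

If the device is plugged in only after the data file has been opened, Discover data key() can be called in place of step 4 to provide the key from it.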
Commands in action
The HDI above demonstrates all the commands in this blog post, giving you an overview with concrete examples of how to use them in your own databases.