New 4D commands to work with encrypted data

In a previous post, we discussed how to get started with data file encryption. Now we’re going to discuss an additional way to work with encrypted data files: new 4D commands. These commands are designed to support most encryption requirements and allow you to deliver an encrypted solution to your customers.

HDI: Example of data encryption commands

Encrypting a data file

In addition to the Maintenance and Security Center (MSC), you can manage encryption with the Encrypt data file() command:

C_TEXT($folder;$passphrase)
$passphrase:=Request("Enter the passphrase")
If (OK=1)
  // myData.4DD is not opened
 $folder:=Encrypt data file("Macintosh HD:Users:structures:myDataBase.4DB";"Macintosh HD:Users:data:myData.4DD";$passphrase)
End if

Providing the data encryption key via the language

In addition to 4D’s automatic data encryption key detection, the new provideDataKey() command is available in the ds object to provide the data encryption key to an opened data file. This is useful when building your own user interface to control access to your encrypted data.

While ds is an ORDA feature, the provideDataKey() command is valid for both ORDA and classic 4D code.

C_OBJECT($keyStatus)
C_TEXT($passphrase)
$passphrase:=Request("Enter the passphrase")
If (OK=1)
  // Hand the passphrase to the opened data file and check the result
 $keyStatus:=ds.provideDataKey($passphrase)
 If ($keyStatus.success)
  ALERT("You have provided a valid encryption key")
 Else
  ALERT("You have provided an invalid encryption key. Access to encrypted data is denied.")
 End if
End if

Getting the encryption status

The new encryptionStatus() command is also available in the ds object. It checks whether or not the opened data file is encrypted and if a valid data encryption key has been provided.

C_OBJECT($status;$provideStatus)
C_TEXT($passphrase)
$status:=ds.encryptionStatus()
Case of
 : (Not($status.isEncrypted))
  ALERT("Data is not encrypted")
 : (($status.isEncrypted) & (Not($status.keyProvided)))
  ALERT("Data is encrypted and you have not provided a valid encryption key. Access to encrypted data is denied.")
 : (($status.isEncrypted) & ($status.keyProvided))
  ALERT("Data is encrypted and the encryption key has already been provided. Access is granted to encrypted data.")
End case

Other commands

  Data file encryption status()

The Data file encryption status() command returns the encryption status of a specified, unopened data file. This allows you to verify the encryption status of a data file before opening it.

  New data key()

The New data key() command generates a binary data encryption key from a given passphrase. Since 4D automatically searches for a valid data encryption key on connected devices when a data file is opened, this command allows you to generate your own binary data encryption key which you can then write to a file.

  Discover data key()

If you forget to connect the device containing your data encryption key before opening a data file, you can use the Discover data key() command to provide the key.

  Register data key()

To avoid providing the data encryption key each time you open a data file, you can use the Register data key() command to add it to the 4D keychain.
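
The commands above can be combined into a single unlock routine run at startup. The following is an added example, not code from the original post or from the HDI: the method name UnlockEncryptedData and the limit of three attempts are assumptions made for illustration.

```4d
  // UnlockEncryptedData (hypothetical project method, e.g. called from On Startup)
  // 1. Skip everything if the data is not encrypted or a key is already loaded
  // 2. Look for a key file on connected devices
  // 3. Otherwise prompt for the passphrase, with a bounded number of attempts
C_OBJECT($status;$result)
C_TEXT($passphrase)
C_LONGINT($attempt;$maxAttempts)
C_BOOLEAN($unlocked)

$maxAttempts:=3  // assumption: adjust to your own lockout policy
$unlocked:=False
$status:=ds.encryptionStatus()

Case of 
	: (Not($status.isEncrypted))
		$unlocked:=True  // nothing to unlock
	: ($status.keyProvided)
		$unlocked:=True  // a valid key has already been provided
	Else 
		  // The device holding the key may have been connected after opening
		$unlocked:=Discover data key
End case 

$attempt:=0
While ((Not($unlocked)) & ($attempt<$maxAttempts))
	$attempt:=$attempt+1
	$passphrase:=Request("Enter the passphrase (attempt "+String($attempt)+" of "+String($maxAttempts)+")")
	If (OK=1)
		$result:=ds.provideDataKey($passphrase)
		If ($result.success)
			$unlocked:=True
		End if 
	Else 
		$attempt:=$maxAttempts  // the user cancelled: stop asking
	End if 
	$passphrase:=""  // do not keep the passphrase in a variable longer than needed
End while 

If (Not($unlocked))
	ALERT("No valid data encryption key was provided. The application will quit.")
	QUIT 4D
End if 
```

Request() displays the typed text in clear; a custom form with a password-style input is preferable when the passphrase is entered where others can see the screen.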

Commands in action

The HDI above demonstrates all the commands in this blog post to give you an overview with concrete examples on how to use them for your own databases.

• Product Owner • Marie-Sophie Landrieu-Yvert joined the 4D Product team as a Product Owner in 2017. As a Product Owner, she is in charge of writing the user stories and then translating them into functional specifications. Her role is also to make sure that the feature implementation delivered meets the customer's needs. Marie-Sophie graduated from the ESIGELEC Engineering School and began her career as an engineer at IBM in 1995. She participated in various projects (maintenance or build projects) and worked as a Cobol developer. Then she worked as a UML designer and Java developer. Lately her main roles were analyzing and writing functional requirements and coordinating business and development teams.