<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Specification of Encryption for Valentina 2.0</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1458" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=921554616-31072005><FONT face=Arial
color=#0000ff size=2>Hi Ruslan,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=921554616-31072005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=921554616-31072005><FONT face=Arial
color=#0000ff size=2>I have a question: Can you think of a possibility in which
someone would need to be granted limited access to part of a database, such as a
single table in a database, or a few fields? In such a case, how would this be
handled?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=921554616-31072005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=921554616-31072005><FONT face=Arial
color=#0000ff size=2>Also, we do need some level of error handling if someone
doesn't have a password -- because it certainly happens in real life ;-) Shouldn't
there be a default method and then (in the more powerful C++ SDK) a way for this
to be modified or replaced by custom code? I can see how it may be desirable,
for example, to pass back nothing (but the attempt is logged
someplace).</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=921554616-31072005><!-- Converted from text/plain format -->
<P><FONT size=2>Best regards,<BR><BR>Lynn Fredricks<BR>President<BR>Proactive
International, LLC<BR><BR>- Because it is about who you know.(tm)<BR><A
href="http://www.proactive-intl.com/">http://www.proactive-intl.com</A><BR>-Software
Destinations<BR><A
href="http://www.proactive-intl.com/blogs/">http://www.proactive-intl.com/blogs/</A></FONT>
</P></SPAN></DIV><BR>
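<P>The object hierarchy and error rules of the specification quoted below, modelled in Python as an added example; it is not part of either message and is not Valentina's code. The class name Encryptable, the readable flag, the PBKDF2 password verifier, the way a sub-object defers to its root in use_password, and the failed_attempts list (the logging Lynn suggests above) are assumptions of this example.</P>
<PRE>
```python
import hashlib, hmac, os, time

class EncryptionError(Exception): pass

class Encryptable:
    """Model of the I_Encryptable rules (added example, not Valentina's code).
    Assumption: a PBKDF2 verifier is kept instead of the password itself."""

    def __init__(self, name, supervisor=None, delay=time.sleep):
        self.name, self.supervisor, self.delay = name, supervisor, delay
        self._salt = self._verifier = None  # set only on a root of encryption
        self.unlocked = False               # assumption: True once a password is accepted
        self.failed_attempts = []           # assumption: the log Lynn asks for

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def _root(self):
        """Nearest object, self included, that holds a password (or None)."""
        node = self
        while node is not None and node._verifier is None:
            node = node.supervisor
        return node

    @property
    def require_password(self):  # True only on the root of encryption
        return self._verifier is not None
    @property
    def is_encrypted(self):      # directly or by supervisor
        return self._root() is not None
    @property
    def readable(self):          # assumption: data usable only after unlock
        root = self._root()
        return root is None or root.unlocked

    def encrypt(self, password):
        if self.require_password:
            raise EncryptionError("Object already is encrypted.")
        if self.is_encrypted:
            raise EncryptionError("Object already is encrypted by supervisor.")
        self._salt = os.urandom(16)
        self._verifier = self._derive(password)
        self.unlocked = True     # assumption: the session that set it can read

    def use_password(self, password):
        root = self._root()      # assumption: a sub-object defers to its root
        if root is None:
            raise EncryptionError("Object is not encrypted.")
        if not hmac.compare_digest(root._derive(password), root._verifier):
            self.failed_attempts.append(self.name)
            self.delay(1)        # the one-second delay from the specification
            raise EncryptionError("Wrong password.")
        root.unlocked = True
```
</PRE>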
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B>
valentina-beta-bounces@lists.macserve.net
[mailto:valentina-beta-bounces@lists.macserve.net] <B>On Behalf Of </B>Ruslan
Zasukhin<BR><B>Sent:</B> Sunday, July 31, 2005 8:56 AM<BR><B>To:</B>
valentina@lists.macserve.net; valentina-beta@lists.macserve.net; Igor Gomon;
Jochen Peters<BR><B>Subject:</B> Specification of Encryption for Valentina
2.0<BR></FONT><BR></DIV>
<DIV></DIV><FONT face="Verdana, Helvetica, Arial"><SPAN
style="FONT-SIZE: 12px">/******************************************************************************/<BR>Specification
(point of user)<BR><BR>* User can encrypt<BR> - the
whole database.<BR> - one or few
tables.<BR> - one or few fields.<BR><BR>* User cannot
encrypt links. <BR>    Valentina 2.0 has Binary Links.
But since they keep only values of RecIDs<BR> there is
no sense to encrypt them.
<BR> <BR>*
Hierarchy of objects
<BR> VDatabase -> VTable
-> VField<BR><BR> inherit settings of encryption
parameters. In other words, if user <BR>    has encrypted
database, then each of its tables also is encrypted using the
<BR> same password. And each field of a table also is
encrypted by that password.<BR><BR>* User cannot assign password to an object
if its supervisor already is encrypted.<BR> We do not
want to do this to avoid ambiguity with
passwords.<BR>    <BR>    In case user
tries to assign password to such an object, then user gets
ERROR<BR> "This
object already is encrypted"
<BR> <BR>*
Note that the main job is done by VField. VDatabase and VTable objects play just a
role of <BR>    password-keeper. So VField encrypts data
stored in column of Table, also<BR>    indexes of the
field are encrypted.<BR><BR>* If user forgets password then big problems.
Because nobody can decrypt that database.<BR><BR>* Each of classes VDatabase,
VTable and VField implements interface I_Encryptable.
<BR><BR>* Important to note that you should never try to read
data that are encrypted until<BR> you specify correct
password. So first of all you must check that you do
not<BR> get error WRONG_PASSWORD, and only after this
try to read data. <BR><BR>* What happens if user tries to read data
without password? Hard to say...<BR> He can see
garbage, or may be NULLs or may be empty
strings.<BR> In ideal system must not crash on access
to such non-encrypted data,<BR> although it seems it is
hard to implement this.
<BR><BR><BR>/******************************************************************************/<BR>*
Interface I_Encryptable offers to user the next operations:<BR><BR>//
Properties:<BR><BR> //
-----------------------------------------------------------------<BR> IsEncrypted
: bool
<BR><BR> DESCRIPTION:
Returns TRUE if this object is
encrypted,<BR> never
mind how -- directly or by supervisor. <BR><BR><BR> //
-----------------------------------------------------------------<BR> RequirePassword
: bool
<BR><BR> DESCRIPTION:
Returns TRUE if this object is root of
encryption,<BR> and
user must specify password to get access to data of this
object<BR> and
all its sub-objects.<BR><BR><BR>// Group of methods to
encrypt/decrypt:<BR><BR> //
-----------------------------------------------------------------<BR> Encrypt(
inPassword: string ) :
void<BR><BR> DESCRIPTION:
Encrypt object using the specified
password.<BR><BR> ERRORS:
- "Object already is
encrypted."<BR> -
"Object already is encrypted by
supervisor."<BR><BR> First
error happens if user tries to encrypt
<BR> already encrypted db for
example.<BR><BR> Second error
when user tries to encrypt e.g.
<BR>                            Table but its database
already is encrypted.<BR><BR><BR> //
-----------------------------------------------------------------<BR> Decrypt(
inPassword: string ) :
void<BR> <BR> DESCRIPTION:
Removes encryption for an
object.<BR><BR> ERRORS:
- "Object is not
encrypted."<BR> -
"Object is encrypted by
supervisor."<BR> <BR><BR> //
-----------------------------------------------------------------<BR> ChangePassword(
inOldPassword : string, inNewPassword : string ) : void
<BR> <BR> DESCRIPTION:
Changes password of encryption for an
object.<BR><BR> ERRORS:
- "Object is not
encrypted."<BR> -
"Object is encrypted by
supervisor."<BR> -
"Wrong password."
<BR><BR> <BR>//
Group of methods to get access to encrypted
objects<BR><BR> //
-----------------------------------------------------------------<BR> UsePassword(
inPassword : string ) :
void<BR> <BR> DESCRIPTION:
Informs object by the password that it must use to
decrypt<BR> data
when read them from database
files.<BR> <BR> In
case user specifies a wrong password the error will be thrown with
<BR> the
delay of one second to prevent
hacking.<BR><BR> ERRORS:
- "Object is not
encrypted."<BR> -
"Wrong
password."<BR> <BR> Errors
are returned only if you apply this to Table or
Field,<BR> i.e. database
already is opened. When you apply this to a closed database
<BR> then
error cannot be checked, so error can be fired on db.Open().
<BR><BR><BR>/******************************************************************************/<BR>Technical
notes of implementation.<BR><BR>* By default we use BlowFish algorithm. This
algorithm requires that data are aligned to 8
bytes.<BR><BR> Taking into account that Cache pages are
4Kb, we will use this amount of data<BR> as atomic set
to encrypt/decrypt.<BR><BR>* On disk all files of encrypted objects are ALWAYS
encrypted.<BR><BR>* We decrypt page when it is loaded into the Cache.
<BR>    Decryption must happen before ByteSwap algorithms
start work:<BR> Cache.Read() -> Decrypt() ->
ByteSwap() <BR> <BR>*
When page must go to disk we again encrypt it.<BR> To
encrypt page, we need to use helper buffer of the same
size,<BR>    because it is no good to encrypt it directly in
cache, we still can use it.<BR> Only optimisation
possible if we exactly know that this page is removed
from<BR> cache right now.<BR><BR>* interface
I_Encryptable is visible only on C++ level. <BR>    All
rest plugins do not have it, just classes VDatabase, VTable,
VField<BR> have set of Encryption Methods.
<BR><BR> <BR><BR>/******************************************************************************/<BR>Examples
of usage:<BR><BR>1.1 Encryption of database (empty or with
records):<BR><BR> db = new
VDatabase()<BR> db.Open()<BR><BR> db.Encrypt(
"password" )<BR> db.Close()<BR><BR><BR>1.2 Opening of
encrypted database:<BR> <BR> 1.2.1 We know
that database is
encrypted<BR> <BR> OpenEncrypted(
db
)<BR> {<BR> db.UsePassword(
"password" ) -- never produce
error<BR> try
<BR> db.Open()
--
can throw error NOT_ENCRYPTED,
WRONG_PASSW<BR> catch
err<BR> }<BR><BR> 1.2.2 We do not know if
this database is encrypted. <BR><BR>    OpenUnknown( db
)<BR> {<BR> db
= new VDatabase()<BR> try
<BR> db.Open()
--
can throw error WRONG_PASSW
<BR> catch
err<BR> OpenAsEncrypted()<BR> end<BR> }<BR><BR><BR> OpenAsEncrypted()<BR> {<BR> //
Ask user for a password. E.g. VStudio may need
this.<BR> passw =
...<BR> <BR> //
then open db using that
password:<BR> OpenEncrypted(
passw );<BR>    }<BR><BR><BR>1.3 Decryption of existing
encrypted database<BR><BR> db.Decrypt( "passw"
)<BR><BR><BR>1.4. Change of
password:<BR><BR> db.ChangePassword( "passw", "passw2"
)<BR><BR><BR><BR>//
----------------------------------------------------<BR>2.1 Database is not
encrypted and we want to encrypt one
table<BR><BR> db.Open() -- open
without password.<BR><BR> db.Table( "tblEncrypted"
).Encrypt( "passwtbl" ) -- can throw error.<BR><BR><BR>2.2 Database is not
encrypted but one of tables is.<BR><BR> db.Open()
-- open without
password.<BR><BR> db.Table( "tblEncrypted"
).UsePassword( "passwtbl" ) -- can throw error.<BR><BR><BR>2.3 Remove
encryption from single table:<BR><BR> db.Table(
"tblEncrypted" ).Decrypt( "passwtbl" )<BR><BR>-- <BR>Best
regards,<BR><BR>Ruslan Zasukhin<BR>VP Engineering and New
Technology<BR>Paradigma Software, Inc<BR><BR>Valentina - Joining Worlds of
Information <BR><A
href="http://www.paradigmasoft.com">http://www.paradigmasoft.com</A><BR><BR>[I
feel the need: the need for speed]<BR></BLOCKQUOTE></SPAN></FONT></BODY></HTML>