firebird icon indicating copy to clipboard operation
firebird copied to clipboard

Published 20 hours ago verified publisher icon FirebirdSQL

Feature Request: support for crypt plugins with only decrypt functionality implemented

Open aafemt opened this issue 1 year ago • 3 comments

Currently it is impossible to have a crypt plugin that support only decryption because of the method how database signature is checked.

Only working decrypt() function should be enough for read-only access to encrypted databases.

aafemt avatar Oct 11 '24 15:10 aafemt

What do you think about adding special function for signature generation to plugin?

AlexPeshkoff avatar Oct 14 '24 07:10 AlexPeshkoff

It would make database dependent on plugin implementation. Currently it depends only on used algorithm i.e. any plugin implementing AES encryption can be freely replaced with other. I don't think that such function would be a good idea.

aafemt avatar Oct 14 '24 08:10 aafemt

I would suggest that in the database signature to be stored as encrypted SHA256 hash. In this case its check is a calculation of a new hash, decryption of old hash and comparison of these hashes. SHA256 is chosen because it has size 256 bits i.e. two DES/AES blocks.

aafemt avatar Oct 14 '24 09:10 aafemt